Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Rosetta-Flash JSONP Vulnerability in hapi Moderate
CVE-2014-4671 was published for hapi (npm) Aug 31, 2020
tdunlap607
Credited to tdunlap607
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
Credited to hdodov and tdunlap607
OHDSI WebAPI vulnerable to SQL Injection Critical
CVE-2019-15563 was published for org.ohdsi:WebAPI (Maven) May 24, 2022
tdunlap607
Credited to tdunlap607
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Credited to plygrnd and tdunlap607
Cross site scripting in safe-svg Moderate
CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) Apr 19, 2022
tdunlap607
Credited to tdunlap607
Insecure Cryptography Algorithm in simple-crypto-js Moderate
GHSA-5v7r-jg9r-vq44 was published for simple-crypto-js (npm) Sep 3, 2020
tdunlap607
Credited to tdunlap607
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
Credited to crenshaw-dev and tdunlap607
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Credited to tdunlap607
Capture-replay in Gitea Critical
CVE-2021-45327 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
tdunlap607
Credited to tdunlap607
Path Traversal in decompress Critical
CVE-2020-12265 was published for decompress (npm) Sep 3, 2020
tdunlap607
Credited to tdunlap607
Calculation error in ark-r1cs-std Critical
CVE-2021-38194 was published for ark-r1cs-std (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch High
CVE-2022-2576 was published for org.eclipse.californium:californium-core (Maven) Jul 30, 2022
tdunlap607
Credited to tdunlap607
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui High
GHSA-v988-828w-xvf2 was published for rucio-webui (pip) Oct 22, 2021
tdunlap607
Credited to tdunlap607
Arbitrary file reads in HashiCorp Nomad High
CVE-2022-24683 was published for github.com/hashicorp/nomad (Go) Feb 18, 2022
tdunlap607
Credited to tdunlap607
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Credited to tdunlap607
SQL Injection via GeoJSON in sequelize Critical
CVE-2016-1000225 was published for sequelize (npm) Sep 1, 2020
tdunlap607
Credited to tdunlap607
Directory Traversal in serve Moderate
CVE-2018-3712 was published for serve (npm) Jul 27, 2018
tdunlap607
Credited to tdunlap607
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
Credited to tdunlap607
Out-of-bounds Read in base64url Moderate
GHSA-rvg8-pwq2-xj7q was published for base64url (npm) Sep 1, 2020
tdunlap607
Credited to tdunlap607
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607
Credited to tdunlap607
Switcher Client contains Regular Expression Denial of Service (ReDoS) High
CVE-2023-23925 was published for switcher-client (npm) Feb 2, 2023
petruki tdunlap607
Credited to petruki and tdunlap607
ember-source Cross-site Scripting vulnerability Moderate
CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022
tdunlap607
Credited to tdunlap607
Path traversal in ServiceCenter High
CVE-2021-21501 was published for github.com/apache/servicecomb-service-center (Go) Sep 1, 2021
tdunlap607
Credited to tdunlap607
Concrete CMS vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-43692 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Credited to tdunlap607
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database