Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
Credited to tdunlap607
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Credited to tdunlap607
Command Injection in node-rules High
GHSA-8whr-v3gm-w8h9 was published for node-rules (npm) Sep 3, 2020
tdunlap607
Credited to tdunlap607
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Credited to tdunlap607
Cross-Site Scripting in diagram-js Moderate
GHSA-8fw4-xh83-3j6q was published for diagram-js (npm) Sep 11, 2020
tdunlap607
Credited to tdunlap607
Use of Uninitialized Resource in smallvec High
CVE-2018-25023 was published for smallvec (Rust) Jan 6, 2022
tdunlap607
Credited to tdunlap607
Regular Expression Denial of Service in simple-markdown Moderate
GHSA-4xf9-pgvv-xx67 was published for simple-markdown (npm) Sep 3, 2020
tdunlap607
Credited to tdunlap607
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
alokmenghrajani pmartinat
tdunlap607
Credited to alokmenghrajani, pmartinat, and tdunlap607
Cross-site scripting in TileServer GL Moderate
CVE-2020-15500 was published for tileserver-gl (npm) May 17, 2021
tdunlap607
Credited to tdunlap607
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
tdunlap607
Credited to tdunlap607
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Credited to NotMyFault and tdunlap607
Cross-Site Scripting in @hapi/boom Moderate
GHSA-2ggq-vfcp-gwhj was published for @hapi/boom (npm) Sep 4, 2020
tdunlap607
Credited to tdunlap607
Cross-Site Scripting in swagger-ui Moderate
GHSA-4f9m-pxwh-68hg was published for swagger-ui (npm) Sep 11, 2020
tdunlap607
Credited to tdunlap607
ff4j is vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-44262 was published for org.ff4j:ff4j-core (Maven) Dec 1, 2022
njimenezotto tdunlap607
Credited to njimenezotto and tdunlap607
Prototype Pollution in asciitable.js Critical
CVE-2020-7771 was published for asciitable.js (npm) Apr 13, 2021
tdunlap607
Credited to tdunlap607
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607
Credited to tdunlap607
Out-of-bounds write in stack Critical
CVE-2020-35895 was published for stack (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
hej2010 tdunlap607
Credited to hej2010 and tdunlap607
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
Credited to tdunlap607
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Credited to tdunlap607
Session Fixation in ipsilon Critical
CVE-2016-8638 was published for ipsilon (pip) May 14, 2022
tdunlap607
Credited to tdunlap607
Reference counting error in pyo3 Moderate
CVE-2020-35917 was published for pyo3 (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607
Credited to tdunlap607
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Credited to tdunlap607
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input High
CVE-2017-16138 was published for mime (npm) Jul 20, 2018
rsalvo77 tdunlap607
Credited to rsalvo77 and tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database