Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

35 advisories

Loading
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Rack arbitrary code execution via timing attack Moderate
CVE-2013-0263 was published for rack (RubyGems) May 5, 2022
jhutchings1
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
Nokogiri is vulnerable to XML External Entity (XXE) attack High
CVE-2012-6685 was published for nokogiri (RubyGems) Apr 23, 2022
jhutchings1
Cross site scripting in actionpack Rubygem Moderate
CVE-2011-1497 was published for actionpack (RubyGems) Apr 22, 2022
jhutchings1 jasnow
Ansible discloses sensitive information in traceback error message Moderate
CVE-2021-3620 was published for ansible (pip) Mar 4, 2022
jhutchings1
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. Moderate
CVE-2022-0691 was published for url-parse (npm) Feb 22, 2022
jhutchings1 Kenny2github
y-yagi Haxatron
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
jhutchings1
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
DLL Injection in kerberos High
CVE-2020-13110 was published for kerberos (npm) Sep 4, 2020
jhutchings1
ProTip! Advisories are also available from the GraphQL API