GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
PySAML2 XML external entity attack
Critical
CVE-2016-10127
was published
for
pysaml2
(pip)
May 17, 2022
PyJWT vulnerable to key confusion attacks
High
CVE-2017-11424
was published
for
pyjwt
(pip)
May 13, 2022
JupyterHub OAuthenticator elevation of privilege
High
CVE-2018-7206
was published
for
oauthenticator
(pip)
May 13, 2022
Numpy arbitrary file write via symlink attack
High
CVE-2014-1859
was published
for
numpy
(pip)
May 14, 2022
Improper input validation in cryptography
High
CVE-2016-9243
was published
for
cryptography
(pip)
May 17, 2022
Ansible discloses sensitive information in traceback error message
Moderate
CVE-2021-3620
was published
for
ansible
(pip)
Mar 4, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-20583
was published
for
league/commonmark
(Composer)
May 14, 2022
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
keycloak vulnerable to unauthorized login via mail server setup
Critical
CVE-2019-14837
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
Kimai v2 is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2019-15481
was published
for
kevinpapst/kimai2
(Composer)
May 24, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
Passport vulnerable to session regeneration when a users logs in or out
Moderate
CVE-2022-25896
was published
for
passport
(npm)
Jul 2, 2022
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
Cross site scripting in actionpack Rubygem
Moderate
CVE-2011-1497
was published
for
actionpack
(RubyGems)
Apr 22, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
Rack arbitrary code execution via timing attack
Moderate
CVE-2013-0263
was published
for
rack
(RubyGems)
May 5, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Moderate
CVE-2022-29810
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 28, 2022
Expo on iOS is insecure due incorrect security attribute application
Moderate
CVE-2020-24653
was published
for
expo
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API