GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

113 advisories

Information disclosure in Django High
CVE-2021-45116 was published for Django (pip) Jan 12, 2022
Credited to tdunlap607
Incorrect Default Permissions in Cobbler High
CVE-2021-45083 was published for cobbler (pip) Feb 21, 2022
Credited to tdunlap607
Pylons Colander Denial of Service vulnerability High
CVE-2017-18361 was published for colander (pip) Feb 7, 2019
Credited to tdunlap607
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
Credited to tdunlap607
Arches vulnerable to execution of arbitrary SQL High
CVE-2022-41892 was published for arches (pip) Nov 11, 2022
Credited to sylwia-budzynska and tdunlap607
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
Credited to tdunlap607
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
Credited to tdunlap607, amita-seal, and SunBK201
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
Credited to tdunlap607
Array size is not checked in sized-chunks High
CVE-2020-25792 was published for sized-chunks (Rust) Aug 25, 2021
Credited to tdunlap607
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
Credited to tdunlap607
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
Credited to isometriks and tdunlap607
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
Credited to tdunlap607
Vault GitHub Action did not correctly mask multi-line secrets in output High
CVE-2021-32074 was published for hashicorp/vault-action (GitHub Actions) May 24, 2022
Credited to tdunlap607 and Gentoli
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat High
CVE-2017-7675 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Credited to tdunlap607
Stack consumption in trust-dns-server High
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
Credited to tdunlap607
Regular Expression Denial of Service in tough-cookie High
CVE-2017-15010 was published for tough-cookie (npm) Jul 24, 2018
Credited to tdunlap607
SQL Injection in sequelize High
CVE-2019-11069 was published for sequelize (npm) Apr 11, 2019
Credited to tdunlap607
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
Credited to tdunlap607
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
Credited to tdunlap607
Cross-Site Scripting in swagger-ui High
CVE-2016-1000233 was published for swagger-ui (npm) Sep 1, 2020
Credited to tdunlap607
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
Credited to tdunlap607
Password exposure in ShenYu High
CVE-2022-23223 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Credited to tdunlap607
Use of Uninitialized Resource in smallvec High
CVE-2018-25023 was published for smallvec (Rust) Jan 6, 2022
Credited to tdunlap607
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
Credited to alokmenghrajani, pmartinat, and tdunlap607
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
Credited to tdunlap607