GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
Moderate
CVE-2020-17515
was published
for
apache-airflow
(pip)
Apr 20, 2021
Improper Access Control in Apache Airflow
Moderate
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Regular Expression Denial of Service (ReDoS) in Pillow
Moderate
CVE-2021-25292
was published
for
Pillow
(pip)
Mar 29, 2021
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Apache ActiveMQ webconsole admin GUI is open to XSS
Moderate
CVE-2020-1941
was published
for
org.apache.activemq:activemq-web-console
(Maven)
May 21, 2020
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Moderate
CVE-2020-5397
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
airflow
(pip)
Nov 22, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Moderate
CVE-2019-12814
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 17, 2019
Deserialization of Untrusted Data in FasterXML jackson-databind
Moderate
CVE-2019-12384
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jul 5, 2019
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
Cross-site scripting in Apache Tomcat
Moderate
CVE-2019-0221
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 30, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2019-0216
was published
for
apache-airflow
(pip)
Apr 12, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2018-20244
was published
for
apache-airflow
(pip)
Mar 6, 2019
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
Moderate
CVE-2017-7233
was published
for
Django
(pip)
Jan 4, 2019
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Moderate
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
Pivotal Spring Framework DoS Attack with XML Input
Moderate
CVE-2015-3192
was published
for
org.springframework:spring-web
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2015-0201
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Denial of Service in org.springframework:spring-core
Moderate
CVE-2018-1257
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Moderate
CVE-2018-1199
was published
for
org.springframework.security:spring-security-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API