GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
281 advisories
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Critical. CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven), May 2, 2022

Improper query string handling in Django
High. CVE-2010-4534 was published for Django (pip), Jul 23, 2018

Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High. CVE-2018-15758 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven), Oct 19, 2018

MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate. CVE-2020-15883 was published for munkireport/managedinstalls (Composer), May 24, 2022

MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate. CVE-2020-15885 was published for munkireport/comment (Composer), May 24, 2022

Regular expression denial-of-service in Django
Moderate. CVE-2024-27351 was published for django (pip), Mar 15, 2024

Mattermost password hash disclosure vulnerability
Moderate. CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go), Nov 6, 2023

XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High. CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven), Nov 17, 2022

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data
High. CVE-2023-25194 was published for org.apache.kafka:connect (Maven), Feb 7, 2023

Moodle context freezing
Moderate. CVE-2019-3852 was published for moodle/moodle (Composer), May 13, 2022

TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate. CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer), Dec 14, 2022

Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Moderate. CVE-2023-25727 was published for phpmyadmin/phpmyadmin (Composer), Feb 13, 2023

XXE in PHPSpreadsheet due to encoding issue
High. CVE-2018-19277 was published for phpoffice/phpexcel (Composer), Nov 20, 2019

XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High. CVE-2019-12331 was published for phpoffice/phpexcel (Composer), Nov 20, 2019

Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Moderate. CVE-2023-43123 was published for org.apache.storm:storm-core (Maven), Nov 23, 2023

Spring Framework has Improperly Implemented Security Check for Standard
Critical. CVE-2018-1275 was published for org.springframework:spring-messaging (Maven), Oct 17, 2018

Django DNS Rebinding Vulnerability
Critical. CVE-2016-9014 was published for Django (pip), May 17, 2022

Django vulnerable to Denial of Service via i18n middleware component
High. CVE-2007-5712 was published for Django (pip), May 1, 2022

Django contains Uncontrolled Resource Consumption via cached header
High. CVE-2023-23969 was published for django (pip), Feb 1, 2023

Denial-of-service possibility in logout() view by filling session store
Moderate. CVE-2015-5964 was published for Django (pip), May 17, 2022
ProTip! Advisories are also available from the GraphQL API