
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Moodle context freezing Moderate
CVE-2019-3852 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131 and decsecre583
Moodle sensitive information disclosure Moderate
CVE-2015-5340 was published for moodle/moodle (Composer) May 13, 2022
Credited to decsecre583
phpMyAdmin Denial Of Service (DOS) attack High
CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Credited to decsecre583
Nokogiri Improperly Handles Unexpected Data Type High
CVE-2022-29181 was published for nokogiri (RubyGems) May 23, 2022
Credited to agustingianni and decsecre583
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
Credited to nornagon and decsecre583
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
Credited to asta12, mattiasgrenfeldt, and decsecre583
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Credited to decsecre583
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Credited to decsecre583
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
Credited to decsecre583
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
Credited to ravage84 and decsecre583
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
Credited to decsecre583
Resource exhaustion in engine.io High
CVE-2020-36048 was published for engine.io (npm) Feb 9, 2022
Credited to darrachequesne, G-Rath, and decsecre583
October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
Credited to decsecre583
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-29505 was published for com.thoughtworks.xstream:xstream (Maven) May 18, 2021
Credited to decsecre583
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
Credited to decsecre583
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags() Moderate
CVE-2026-27016 was published for librenms/librenms (Composer) Feb 18, 2026
Credited to decsecre583
MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory Moderate
CVE-2025-12119 was published for mongodb/mongodb-extension (Composer) Nov 19, 2025
Credited to decsecre583