Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607 Credited to tdunlap607
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607 Credited to tdunlap607
etcd user credentials are stored in WAL logs in plaintext Low
GHSA-528j-9r78-wffx was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
tdunlap607 Credited to tdunlap607
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz Credited to AdamKorcz, DavidKorczynski, and tdunlap607 DavidKorczynski DavidKorczynski
tdunlap607 tdunlap607
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607 Credited to tdunlap607
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607 Credited to tdunlap607
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607 Credited to tdunlap607
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley Credited to michaellrowley, mohit-rocks, and tdunlap607 mohit-rocks mohit-rocks
tdunlap607 tdunlap607
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Low
CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt Credited to mattiasgrenfeldt, asta12, and tdunlap607 asta12 asta12
tdunlap607 tdunlap607
Open Redirect in Flask-Security-Too Low
CVE-2021-32618 was published for Flask-Security-Too (pip) May 17, 2021
tdunlap607 Credited to tdunlap607
Potential sensitive information disclosed in error reports Low
CVE-2021-21416 was published for django-registration (pip) Apr 6, 2021
martinmo Credited to martinmo and tdunlap607 tdunlap607 tdunlap607
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop Credited to rynop, tdunlap607, and ziviseal tdunlap607 tdunlap607
ziviseal ziviseal
Reverse Tabnabbing in showdown Low
GHSA-h6mq-3cj6-h738 was published for showdown (npm) Sep 3, 2020
tdunlap607 Credited to tdunlap607
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607 Credited to tdunlap607
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607 Credited to tdunlap607 and anlakii anlakii anlakii
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database