Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Duplicate Advisory: Regular Expression Denial of Service in simple-markdown Moderate
GHSA-4xf9-pgvv-xx67 was published for simple-markdown (npm) Sep 3, 2020 withdrawn
tdunlap607 Credited to tdunlap607
Duplicate Advisory: Command Injection in node-rules High
GHSA-8whr-v3gm-w8h9 was published for node-rules (npm) Sep 3, 2020 withdrawn
tdunlap607 Credited to tdunlap607
Angular vulnerable to Cross-site Scripting Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607 Credited to tdunlap607
GitPython vulnerable to Remote Code Execution due to improper user input validation Critical
CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022
ad-m-ss Credited to ad-m-ss and tdunlap607 tdunlap607 tdunlap607
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607 Credited to tdunlap607
ZK Framework vulnerable to malicious POST High
CVE-2022-36537 was published for org.zkoss.zk:zk (Maven) Aug 27, 2022
tdunlap607 Credited to tdunlap607
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607 Credited to tdunlap607 and anlakii anlakii anlakii
Duplicate Advisory: Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021 withdrawn
jasnow Credited to jasnow and tdunlap607 tdunlap607 tdunlap607
Regular Expression Denial of Service in papaparse High
CVE-2020-36649 was published for papaparse (npm) Sep 4, 2020
tdunlap607 Credited to tdunlap607 and raner raner raner
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607 Credited to tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607 Credited to tdunlap607
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607 Credited to tdunlap607
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader Credited to ohader and tdunlap607 tdunlap607 tdunlap607
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie Credited to rickramgattie and tdunlap607 tdunlap607 tdunlap607
Hashicorp Nomad Information Exposure Through Environmental Variables Moderate
CVE-2019-14802 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
tdunlap607 Credited to tdunlap607
cleo is vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2022-42966 was published for cleo (pip) Nov 10, 2022
neersighted Credited to neersighted and tdunlap607 tdunlap607 tdunlap607
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607 Credited to tdunlap607
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
tdunlap607 Credited to tdunlap607 and levpachmanov levpachmanov levpachmanov
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank.ellipticcurve:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607 Credited to tdunlap607 and binary-1024 binary-1024 binary-1024
.NET Remote Code Execution Vulnerability High
CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Dec 14, 2022
tdunlap607 Credited to tdunlap607
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file High
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607 Credited to tdunlap607
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields High
CVE-2021-29434 was published for wagtail (pip) Apr 20, 2021
kevthehermit Credited to kevthehermit, gasman, and tdunlap607 gasman gasman
tdunlap607 tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607 Credited to tdunlap607
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607 Credited to tdunlap607
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database