GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Laravel Sensitive Data Exposure
Moderate
CVE-2017-14775
was published
for
illuminate/auth
(Composer)
May 17, 2022
Silverstripe Flash Clipboard Reflected XSS
Moderate
CVE-2019-12205
was published
for
silverstripe/admin
(Composer)
May 24, 2022
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
semver vulnerable to Regular Expression Denial of Service
Moderate
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
xml2js is vulnerable to prototype pollution
Moderate
CVE-2023-0842
was published
for
xml2js
(npm)
Apr 5, 2023
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Server-Side Request Forgery in Request
Moderate
CVE-2023-28155
was published
for
@cypress/request
(npm)
Mar 16, 2023
Regular Expression Denial of Service in debug
Low
CVE-2017-16137
was published
for
debug
(npm)
Aug 9, 2018
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API