GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
240,627 advisories
Filter by severity
Denial of service in ASP.NET Core
High
CVE-2018-8269
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
High
GHSA-q2fj-6h62-59m2
was published
for
io.apiman:apiman-distro-vertx
(Maven)
Dec 30, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Moderate
GHSA-hrjv-pf36-jpmr
was published
for
oqs
(Rust)
Aug 18, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
High
GHSA-h864-m8vm-3xvj
was published
for
oqs
(Rust)
Aug 18, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd
High
GHSA-j92c-mmf7-j5x5
was published
for
github.com/cheqd/cheqd-node
(Go)
Oct 18, 2022
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate
GHSA-gfgm-chr3-x6px
was published
for
prettytable-rs
(Rust)
Dec 30, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
PocketMine-MP invalid skin geometry JSON data leading to server crash
High
GHSA-8cwq-4cmf-px73
was published
for
pocketmine/pocketmine-mp
(Composer)
Aug 18, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-g6jc-xrc3-4wwq
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
High
GHSA-3qmc-2r76-4rqp
was published
for
@redwoodjs/api
(npm)
Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical
GHSA-7644-cxp8-h23r
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
GraphQL queries can expose password hashes
Critical
GHSA-3p7g-wrgg-wq45
was published
for
ibexa/graphql
(Composer)
Nov 10, 2022
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical
GHSA-58h5-h554-429q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-394j-x37r-2q27
was published
for
ibexa/core
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-446q-xxg5-3vhh
was published
for
ezsystems/repository-forms
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-pcpm-vc4v-cmvx
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-8h83-chh2-fchp
was published
for
ezsystems/ezplatform-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-99r3-xmmq-7q7g
was published
for
ezsystems/ezpublish-kernel
(Composer)
Nov 10, 2022
Container build can leak any path on the host into the container
Low
GHSA-vp35-85q5-9f25
was published
for
github.com/moby/moby
(Go)
Nov 11, 2022
mofh Vulnerable to Improper Restriction of XML External Entity Reference
Moderate
GHSA-7r9x-qrpr-3cxw
was published
for
mofh
(pip)
Aug 11, 2022
ProTip!
Advisories are also available from the
GraphQL API