GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High
CVE-2018-1000656
was published
for
flask
(pip)
Aug 23, 2018
GitPython vulnerable to Remote Code Execution due to improper user input validation
High
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
High
CVE-2021-33571
was published
for
Django
(pip)
Jun 10, 2021
Uncontrolled Memory Consumption in Django
High
CVE-2019-6975
was published
for
Django
(pip)
Feb 12, 2019
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Pylons Colander Denial of Service vulnerability
High
CVE-2017-18361
was published
for
colander
(pip)
Feb 7, 2019
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function
High
CVE-2018-19802
was published
for
aubio
(pip)
Jul 26, 2019
Arches vulnerable to execution of arbitrary SQL
High
CVE-2022-41892
was published
for
arches
(pip)
Nov 11, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
High
CVE-2018-8825
was published
for
tensorflow
(pip)
Apr 24, 2019
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
High
GHSA-gq5r-cc4w-g8xf
was published
for
github.com/russellhaering/gosaml2
(Go)
Jun 23, 2021
•
withdrawn
Improper handling of case sensitivity in Spring Framework
High
CVE-2022-22968
was published
for
org.springframework:spring-context
(Maven)
Apr 15, 2022
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Array size is not checked in sized-chunks
High
CVE-2020-25792
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
Vault GitHub Action did not correctly mask multi-line secrets in output
High
CVE-2021-32074
was published
for
hashicorp/vault-action
(GitHub Actions)
May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
High
CVE-2017-7675
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Stack consumption in trust-dns-server
High
CVE-2020-35857
was published
for
trust-dns-server
(Rust)
Aug 25, 2021
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API