Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,922 advisories

Loading
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. Moderate
CVE-2024-45772 was published for org.apache.lucene:lucene-replicator (Maven) Sep 30, 2024
streichsbaer
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-9148 was published for flowise (npm) Sep 25, 2024
Cross-site Scripting in modoboa Moderate
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
Modoboa has Weak Password Requirements Moderate
CVE-2023-2160 was published for modoboa (pip) Apr 18, 2023
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2009-1482 was published for moin (pip) May 2, 2022
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
HTML injection in email and account expiry notifications Moderate
CVE-2021-21333 was published for matrix-synapse (pip) Mar 26, 2021
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Moderate
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
mayan-edms Cross-site Scripting vulnerability Moderate
CVE-2018-16405 was published for mayan-edms (pip) Sep 6, 2018
Cross-site scripting (XSS) vulnerability in the password reset endpoint Moderate
CVE-2021-21332 was published for matrix-synapse (pip) Mar 26, 2021
Denial of service attack via .well-known lookups Moderate
CVE-2021-21274 was published for matrix-synapse (pip) Mar 1, 2021
mscherer
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
lxml vulnerable to Cross-site Scripting Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
lxml NULL Pointer Dereference allows attackers to cause a denial of service Moderate
CVE-2022-2309 was published for lxml (pip) Jul 6, 2022
Improper Neutralization of Input During Web Page Generation in LXML Moderate
CVE-2018-19787 was published for lxml (pip) May 13, 2022
Mako contains Cross-site Scripting vulnerability Moderate
CVE-2010-2480 was published for mako (pip) May 17, 2022
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) Moderate
CVE-2024-47066 was published for @lobehub/chat (npm) Sep 23, 2024
a1loy
Gateway API route matching order contradicts specification Moderate
CVE-2024-42487 was published for github.com/cilium/cilium (Go) Aug 15, 2024
sayboras
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
mangadex-downloader vulnerable to unauthorized file reading Moderate
CVE-2022-36082 was published for mangadex-downloader (pip) Sep 16, 2022
lxml Cross-site Scripting Via Control Characters Moderate
CVE-2014-3146 was published for lxml (pip) May 14, 2022
joshbressers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database