GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,253
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,725
NuGet
662
pip
3,402
Pub
12
RubyGems
890
Rust
861
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,813 advisories
Filter by severity
Improper permissions handling in MediaWiki AbuseFilter
Moderate
CVE-2024-47913
was published
for
mediawiki/abuse-filter
(Composer)
Oct 5, 2024
Cross-Site Request Forgery in Apache Wicket
Moderate
CVE-2024-27439
was published
for
org.apache.wicket:wicket
(Maven)
Mar 19, 2024
Jenkins HTML Publisher Plugin does not properly sanitize input
High
CVE-2024-28149
was published
for
org.jenkins-ci.plugins:htmlpublisher
(Maven)
Mar 6, 2024
shared_preferences_android vulnerability
Low
GHSA-3hpf-ff72-j67p
was published
for
shared_preferences_android
(Pub)
Dec 6, 2024
Django denial-of-service in django.utils.html.strip_tags()
Moderate
CVE-2024-53907
was published
for
Django
(pip)
Dec 6, 2024
Django SQL injection in HasKey(lhs, rhs) on Oracle
High
CVE-2024-53908
was published
for
Django
(pip)
Dec 6, 2024
semver vulnerable to Regular Expression Denial of Service
High
CVE-2022-25883
was published
for
semver
(npm)
Jun 21, 2023
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
High
CVE-2024-54141
was published
for
thorsten/phpmyfaq
(Composer)
Dec 6, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
JetBrains Ktor information disclosure
Moderate
CVE-2024-49580
was published
for
io.ktor:ktor-client-core-jvm
(Maven)
Oct 17, 2024
Prototype Pollution in the merge and clone helper methods
Moderate
CVE-2021-39227
was published
for
zrender
(npm)
Sep 20, 2021
Ansible galaxy-importer Path Traversal vulnerability
Moderate
CVE-2023-5189
was published
for
galaxy-importer
(pip)
Nov 15, 2023
Ansible symlink attack vulnerability
Moderate
CVE-2023-5115
was published
for
ansible
(pip)
Dec 28, 2023
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Quarkus CXF logs passwords and other secrets
Moderate
CVE-2024-9621
was published
for
io.quarkiverse.cxf:quarkus-cxf
(Maven)
Oct 8, 2024
Unpatched `path-to-regexp` ReDoS in 0.1.x
Moderate
CVE-2024-52798
was published
for
path-to-regexp
(npm)
Dec 5, 2024
sigstore-java has a vulnerability with bundle verification
Low
CVE-2024-54140
was published
for
dev.sigstore:sigstore-java
(Maven)
Dec 5, 2024
Directus has an HTML Injection in Comment
Moderate
CVE-2024-54128
was published
for
@directus/app
(npm)
Dec 5, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
OpenStack improperly deletes access rules
Moderate
CVE-2023-6110
was published
for
python-openstackclient
(pip)
Nov 17, 2024
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
Drupal core Denial of Service
High
CVE-2024-11941
was published
for
drupal/core
(Composer)
Dec 5, 2024
ProTip!
Advisories are also available from the
GraphQL API