GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
ff4j is vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-44262
was published
for
org.ff4j:ff4j-core
(Maven)
Dec 1, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical
CVE-2022-38580
was published
for
github.com/zalando/skipper
(Go)
Oct 25, 2022
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Critical
CVE-2022-39256
was published
for
CompositeC1.Core
(NuGet)
Sep 30, 2022
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Critical
CVE-2022-36663
was published
for
org.gluu:oxauth-common
(Maven)
Sep 7, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
Login timing attack in ezsystems/ezpublish-kernel
Critical
GHSA-xfqg-p48g-hh94
was published
for
ezsystems/ezpublish-kernel
(Composer)
Jun 2, 2022
Buffer overflow in SmallVec::insert_many
Critical
CVE-2021-25900
was published
for
smallvec
(Rust)
May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
OHDSI WebAPI vulnerable to SQL Injection
Critical
CVE-2019-15563
was published
for
org.ohdsi:WebAPI
(Maven)
May 24, 2022
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
Sandbox bypass leading to arbitrary code execution in Deno
Critical
CVE-2022-24783
was published
for
deno
(Rust)
Mar 29, 2022
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Use of Uninitialized Resource in ash.
Critical
CVE-2021-45688
was published
for
ash
(Rust)
Jan 6, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43570
was published
for
com.starkbank:starkbank-ecdsa
(Maven)
Nov 10, 2021
Calculation error in ark-r1cs-std
Critical
CVE-2021-38194
was published
for
ark-r1cs-std
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API