GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,726
Composer 4,023
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,156
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,685

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

298 advisories

Filter by severity

Sort by

Least recently updated

Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate

CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022

bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019

Bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018

XSS vulnerability that affects bootstrap Moderate

CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019

The `size` option isn't honored after following a redirect in node-fetch Low

CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020

Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High

GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 • withdrawn

Improper handling of case sensitivity in Spring Framework High

CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022

Infinite Loop in Django High

CVE-2022-23833 was published for Django (pip) Feb 4, 2022

Path Traversal in Django High

CVE-2021-31542 was published for Django (pip) Jun 4, 2021

Ansible password prompts could expose passwords Moderate

CVE-2019-10206 was published for ansible (pip) May 24, 2022

Potential infinite loop in Pillow High

CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021

Next.js Directory Traversal Vulnerability High

CVE-2017-16877 was published for next (npm) Dec 5, 2017

Array size is not checked in sized-chunks High

CVE-2020-25792 was published for sized-chunks (Rust) Aug 25, 2021

Directory-traversal in Django Moderate

CVE-2021-45452 was published for Django (pip) Jan 12, 2022

Cross-site Scripting in Django Moderate

CVE-2022-22818 was published for django (pip) Feb 4, 2022

XSS in Django Moderate

CVE-2020-13596 was published for django (pip) Jun 5, 2020

Out of bounds read in Pillow High

CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021

Cross-site scripting in django Moderate

CVE-2010-3082 was published for django (pip) Jul 23, 2018

Insufficient Verification of Data Authenticity in Apache Tomcat Moderate

CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

Stored XSS vulnerability on Bounce Management Callback High

CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021

XSS vulnerability on password reset page Moderate

CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021

Remote Code Execution in SyliusResourceBundle High

CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020

Remote Code Execution in SyliusResourceBundle Critical

CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020

Cross-site Scripting in Drupal Core Moderate

CVE-2020-13668 was published for drupal/core (Composer) Feb 12, 2022

Use of a Broken or Risky Cryptographic Algorithm Low

CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

298 advisories