GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,357

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

123 advisories

Filter by severity

Sort by

Least recently updated

Path Traversal in Ansible Moderate

CVE-2020-10691 was published for ansible (pip) Apr 20, 2021

Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate

CVE-2019-10156 was published for ansible (pip) Jul 31, 2019

Ansible password prompts could expose passwords Moderate

CVE-2019-10206 was published for ansible (pip) May 24, 2022

Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate

CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022

bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019

Bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018

XSS vulnerability that affects bootstrap Moderate

CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019

Directory-traversal in Django Moderate

CVE-2021-45452 was published for Django (pip) Jan 12, 2022

Cross-site Scripting in Django Moderate

CVE-2022-22818 was published for django (pip) Feb 4, 2022

XSS in Django Moderate

CVE-2020-13596 was published for django (pip) Jun 5, 2020

Cross-site scripting in django Moderate

CVE-2010-3082 was published for django (pip) Jul 23, 2018

Insufficient Verification of Data Authenticity in Apache Tomcat Moderate

CVE-2017-7674 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

XSS vulnerability on password reset page Moderate

CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021

Cross-site Scripting in Drupal Core Moderate

CVE-2020-13668 was published for drupal/core (Composer) Feb 12, 2022

Information Disclosure in User Authentication Moderate

CVE-2021-32767 was published for typo3/cms (Composer) Jul 26, 2021

Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate

CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022

Archive package allows chmod of file outside of unpack target directory Moderate

CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021

Rubyzip denial of service Moderate

CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019

Root Path Disclosure in send Moderate

CVE-2015-8859 was published for send (npm) Oct 24, 2017

rails Cross-site Scripting vulnerability Moderate

CVE-2011-2197 was published for actionpack (RubyGems) Oct 24, 2017

activesupport Cross-site Scripting vulnerability Moderate

CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017

Cross-Site Scripting in serve-index Moderate

CVE-2015-8856 was published for serve-index (npm) Oct 24, 2017

Missing permission check in Jenkins RocketChat Notifier Plugin Moderate

CVE-2022-28139 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022

Password stored in plain text by Jenkins Nomad Plugin Moderate

CVE-2021-21681 was published for org.jenkins-ci.plugins:nomad (Maven) May 24, 2022

AdGuardHome vulnerable to Cross-Site Request Forgery Moderate

CVE-2022-32175 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 11, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

123 advisories