Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
Permissive parameters and privilege escalation Moderate
CVE-2018-20301 was published for coherence (Erlang) Feb 10, 2022
Header Injection Moderate
CVE-2018-1000883 was published for plug (Erlang) Apr 12, 2022
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Improper Input Validation in url-js Moderate
CVE-2022-25839 was published for url-js (npm) Mar 12, 2022
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API