GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
Django-piston and Django-tastypie do not properly deserialize YAML data
Critical
CVE-2011-4103
was published
for
django-piston
(pip)
Jul 23, 2018
CairoSVG improperly processes SVG files loaded from external resources
Critical
CVE-2023-27586
was published
for
CairoSVG
(pip)
Mar 20, 2023
Bleach URI Scheme Restriction Bypass
Critical
CVE-2018-7753
was published
for
bleach
(pip)
Jan 4, 2019
Apache DolphinScheduler vulnerable to Improper Input Validation
Critical
CVE-2022-45875
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Jan 4, 2023
Ansible fails to properly mark lookup-plugin results as unsafe
Critical
CVE-2017-7481
was published
for
ansible
(pip)
Sep 6, 2018
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical
CVE-2023-40743
was published
for
axis:axis
(Maven)
Sep 5, 2023
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Remote code injection in Log4j
Critical
CVE-2021-44228
was published
for
com.guicedee.services:log4j-core
(Maven)
Dec 10, 2021
Improper Input Validation in Apache ActiveMQ
Critical
CVE-2016-3088
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
qdrant input validation failure
Critical
CVE-2024-3829
was published
for
qdrant-client
(pip)
Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Critical
GHSA-jw42-5m4v-9c8g
was published
for
NuGet.CommandLine
(NuGet)
Jan 9, 2024
•
withdrawn
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Critical
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical
CVE-2024-34365
was published
for
org.apache.karaf:cave
(Maven)
May 14, 2024
Radicale vulnerable to arbitrary file read or write
Critical
CVE-2015-8747
was published
for
Radicale
(pip)
May 17, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
Moodle PostScript Code Injection
Critical
CVE-2022-35649
was published
for
moodle/moodle
(Composer)
Jul 26, 2022
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7600
was published
for
drupal/core
(Composer)
May 14, 2022
git-big-picture Code Execution
Critical
CVE-2021-3028
was published
for
git-big-picture
(pip)
May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution
Critical
CVE-2020-11651
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi
Critical
CVE-2020-25592
was published
for
salt
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API