Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
CairoSVG improperly processes SVG files loaded from external resources Critical
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
Apache DolphinScheduler vulnerable to Improper Input Validation Critical
CVE-2022-45875 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Jan 4, 2023
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Authentication bypass in dtale Critical
CVE-2024-3408 was published for dtale (pip) Jun 6, 2024
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability Critical
GHSA-jw42-5m4v-9c8g was published for NuGet.CommandLine (NuGet) Jan 9, 2024 withdrawn
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service Critical
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Apache Karaf Cave: Cave SSRF and arbitrary file access Critical
CVE-2024-34365 was published for org.apache.karaf:cave (Maven) May 14, 2024
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
git-big-picture Code Execution Critical
CVE-2021-3028 was published for git-big-picture (pip) May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Validation of eauth credentials and tokens in salt-netapi Critical
CVE-2020-25592 was published for salt (pip) May 24, 2022
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
ProTip! Advisories are also available from the GraphQL API