Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
CHECK-fail in LSTM with zero-length input in TensorFlow Low
CVE-2020-26270 was published for tensorflow (pip) Dec 10, 2020
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption Low
GHSA-375m-5fvv-xq23 was published for vyper (pip) Apr 19, 2021
personnummer/dart vulnerable to Improper Input Validation Low
CVE-2023-22963 was published for personnummer (Pub) Sep 19, 2022
Improper Input Validation in Jenkins Low
CVE-2017-1000401 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jetty invalid URI parsing may produce invalid HttpURI.authority Low
CVE-2022-2047 was published for org.eclipse.jetty:jetty-http (Maven) Jul 7, 2022
rafax00
Environment Variable Injection in GitHub Actions Low
CVE-2020-15228 was published for @actions/core (npm) Oct 1, 2020
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
Data Amplification in Play Framework Low
CVE-2020-28923 was published for com.typesafe.play:play (Maven) Feb 9, 2022
Incomplete validation in `SparseReshape` Low
CVE-2021-29611 was published for tensorflow (pip) May 21, 2021
Crash due to malformed relay protocol message Low
CVE-2021-21404 was published for github.com/syncthing/syncthing (Go) May 21, 2021
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource Low
CVE-2018-1999037 was published for org.jenkins-ci.plugins:resource-disposer (Maven) May 14, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
Concrete CMS vulnerable to stored XSS via the Role Name field Low
CVE-2024-1247 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes Low
CVE-2024-1245 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature Low
CVE-2024-1246 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS Stored XSS on the calendar color settings screen Low
CVE-2024-2753 was published for concrete5/concrete5 (Composer) Apr 3, 2024
ProTip! Advisories are also available from the GraphQL API