Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,044
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

118 advisories

Loading
XSS vulnerability on password reset page Moderate
CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021
mohit-rocks ZhenwarX
tdunlap607
Cross-site Scripting in Drupal Core Moderate
CVE-2020-13668 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Information Disclosure in User Authentication Moderate
CVE-2021-32767 was published for typo3/cms (Composer) Jul 26, 2021
tdunlap607
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
Root Path Disclosure in send Moderate
CVE-2015-8859 was published for send (npm) Oct 24, 2017
tdunlap607
rails Cross-site Scripting vulnerability Moderate
CVE-2011-2197 was published for actionpack (RubyGems) Oct 24, 2017
tdunlap607 jasnow
Cross-Site Scripting in serve-index Moderate
CVE-2015-8856 was published for serve-index (npm) Oct 24, 2017
tdunlap607
Missing permission check in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28139 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault tdunlap607
Password stored in plain text by Jenkins Nomad Plugin Moderate
CVE-2021-21681 was published for org.jenkins-ci.plugins:nomad (Maven) May 24, 2022
NotMyFault tdunlap607
AdGuardHome vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-32175 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 11, 2022
tdunlap607
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Cross-Site Scripting in diagram-js Moderate
GHSA-8fw4-xh83-3j6q was published for diagram-js (npm) Sep 11, 2020
tdunlap607
Regular Expression Denial of Service in simple-markdown Moderate
GHSA-4xf9-pgvv-xx67 was published for simple-markdown (npm) Sep 3, 2020
tdunlap607
Cross-site scripting in TileServer GL Moderate
CVE-2020-15500 was published for tileserver-gl (npm) May 17, 2021
tdunlap607
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Cross-Site Scripting in @hapi/boom Moderate
GHSA-2ggq-vfcp-gwhj was published for @hapi/boom (npm) Sep 4, 2020
tdunlap607
Cross-Site Scripting in swagger-ui Moderate
GHSA-4f9m-pxwh-68hg was published for swagger-ui (npm) Sep 11, 2020
tdunlap607
Reference counting error in pyo3 Moderate
CVE-2020-35917 was published for pyo3 (Rust) Aug 25, 2021
tdunlap607
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
HashiCorp Consul vulnerable to authorization bypass Moderate
CVE-2022-40716 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
tdunlap607
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database