Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

5,106 advisories

Loading
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not... Moderate Unreviewed
CVE-2011-0491 was published May 17, 2022
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local... Moderate Unreviewed
CVE-2011-0721 was published May 17, 2022
Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote... Moderate Unreviewed
CVE-2011-0581 was published May 17, 2022
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the... Moderate Unreviewed
CVE-2011-1094 was published May 17, 2022
In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a... Moderate Unreviewed
CVE-2021-39690 was published Mar 17, 2022
SAS Logon Manager v9.4 was discovered to contain a vulnerability in the web UI which would allow... Moderate Unreviewed
CVE-2021-42186 was published Mar 11, 2022
Improper Input Validation in url-js Moderate
CVE-2022-25839 was published for url-js (npm) Mar 12, 2022
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Improper Input Validation in pyload-ng Moderate
CVE-2023-0434 was published for pyload-ng (pip) Jan 22, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to... Moderate Unreviewed
CVE-2023-20525 was published Jan 11, 2023
Header Injection Moderate
CVE-2018-1000883 was published for plug (Erlang) Apr 12, 2022
Permissive parameters and privilege escalation Moderate
CVE-2018-20301 was published for coherence (Erlang) Feb 10, 2022
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database