GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
48 advisories
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Severity: Moderate. CVE-2024-37891 was published for urllib3 (pip) on Jun 17, 2024.
Django vulnerable to Reflected File Download attack
Severity: High. CVE-2022-36359 was published for Django (pip) on Aug 11, 2022.
semver vulnerable to Regular Expression Denial of Service
Severity: High. CVE-2022-25883 was published for semver (npm) on Jun 21, 2023.
Regular Expression Denial of Service (ReDoS) in cross-spawn
Severity: High. CVE-2024-21538 was published for cross-spawn (npm) on Nov 8, 2024.
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Severity: Low. CVE-2024-51755 was published for twig/twig (Composer) on Nov 6, 2024.
Malicious package may avoid detection in python auditing
Severity: Moderate. CVE-2020-5252 was published for safety (pip) on Mar 24, 2020.
Arbitrary expression injection in Pillow
Severity: Critical. CVE-2022-22817 was published for Pillow (pip) on Jan 12, 2022.
django-celery-results Stores Sensitive Information In Cleartext
Severity: High. CVE-2020-17495 was published for django-celery-results (pip) on Jun 4, 2021.
request_store has Incorrect Default Permissions
Severity: Moderate. CVE-2024-43791 was published for request_store (RubyGems) on Aug 23, 2024.
NPM IP package incorrectly identifies some private IP addresses as public
Severity: Low. CVE-2023-42282 was published for ip (npm) on Feb 8, 2024.
Kaminari Insecure File Permissions Vulnerability
Severity: Moderate. CVE-2024-32978 was published for kaminari (RubyGems) on May 28, 2024.
HTTP Request Smuggling in Netty
Severity: High. CVE-2019-16869 was published for io.netty:netty-all (Maven) on Oct 11, 2019.
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Severity: High. CVE-2022-37599 was published for loader-utils (npm) on Oct 12, 2022.
Regular Expression Denial of Service in debug
Severity: Low. CVE-2017-16137 was published for debug (npm) on Aug 9, 2018.
Server-Side Request Forgery in Request
Severity: Moderate. CVE-2023-28155 was published for @cypress/request (npm) on Mar 16, 2023.
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Severity: Moderate. CVE-2024-28862 was published for rotp (RubyGems) on Mar 18, 2024.
xml2js is vulnerable to prototype pollution
Severity: Moderate. CVE-2023-0842 was published for xml2js (npm) on Apr 5, 2023.
Scrapy denial of service vulnerability
Severity: High. CVE-2017-14158 was published for scrapy (pip) on May 17, 2022.
OmniAuth Ruby gem Cross-site Request Forgery in request phase
Severity: High. CVE-2015-9284 was published for omniauth (RubyGems) on May 29, 2019.
Authentication bypass in SilverStripe GraphQL
Severity: Moderate. CVE-2020-26136 was published for silverstripe/graphql (Composer) on Jun 10, 2021.
Silverstripe Flash Clipboard Reflected XSS
Severity: Moderate. CVE-2019-12205 was published for silverstripe/admin (Composer) on May 24, 2022.
Laravel Sensitive Data Exposure
Severity: Moderate. CVE-2017-14775 was published for illuminate/auth (Composer) on May 17, 2022.
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
Severity: High. CVE-2017-9804 was published for org.apache.struts:struts2-core (Maven) on Oct 16, 2018.
Regular expression denial of service in scss-tokenizer
Severity: High. CVE-2022-25758 was published for scss-tokenizer (npm) on Jul 2, 2022.