GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate
CVE-2024-37891
was published
for
urllib3
(pip)
Jun 17, 2024
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
request_store has Incorrect Default Permissions
Moderate
CVE-2024-43791
was published
for
request_store
(RubyGems)
Aug 23, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
Server-Side Request Forgery in Request
Moderate
CVE-2023-28155
was published
for
@cypress/request
(npm)
Mar 16, 2023
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
xml2js is vulnerable to prototype pollution
Moderate
CVE-2023-0842
was published
for
xml2js
(npm)
Apr 5, 2023
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Silverstripe Flash Clipboard Reflected XSS
Moderate
CVE-2019-12205
was published
for
silverstripe/admin
(Composer)
May 24, 2022
Laravel Sensitive Data Exposure
Moderate
CVE-2017-14775
was published
for
illuminate/auth
(Composer)
May 17, 2022
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
Open Redirect in xdLocalStorage
Moderate
CVE-2020-11611
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Uncaught exception in engine.io
Moderate
CVE-2022-41940
was published
for
engine.io
(npm)
Nov 21, 2022
Server-Side Request Forgery in dompdf/dompdf
Moderate
CVE-2022-0085
was published
for
dompdf/dompdf
(Composer)
Jun 29, 2022
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
Inefficient Regular Expression Complexity in Validator.js
Moderate
GHSA-xx4c-jj58-r7x6
was published
for
validator
(npm)
Nov 19, 2021
ProTip!
Advisories are also available from the
GraphQL API