GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
298 advisories
Regular Expression Denial of Service in papaparse
Severity: High. CVE-2020-36649 was published for papaparse (npm), Sep 4, 2020.
Browsershot does not validate URL protocols passed to Browsershot URL method
Severity: High. CVE-2022-41706 was published for spatie/browsershot (Composer), Nov 25, 2022.
Browsershot version 3.57.3 vulnerable to improper input validation
Severity: Moderate. CVE-2022-43984 was published for spatie/browsershot (Composer), Nov 25, 2022.
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Severity: Moderate. CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go), Dec 14, 2022.
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Severity: Critical. CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer), Dec 14, 2022.
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Severity: Moderate. CVE-2022-31683 was published for github.com/concourse/concourse (Go), Oct 19, 2022.
Hashicorp Nomad Information Exposure Through Environmental Variables
Severity: Moderate. CVE-2019-14802 was published for github.com/hashicorp/nomad (Go), Feb 15, 2022.
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Severity: Moderate. CVE-2022-42966 was published for cleo (pip), Nov 10, 2022.
http-cache-semantics vulnerable to Regular Expression Denial of Service
Severity: High. CVE-2022-25881 was published for http-cache-semantics (Maven), Jan 31, 2023.
activesupport Cross-site Scripting vulnerability
Severity: Moderate. CVE-2012-3464 was published for activesupport (RubyGems), Oct 24, 2017.
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Severity: Critical. CVE-2021-43570 was published for com.starkbank.ellipticcurve:starkbank-ecdsa (Maven), Nov 10, 2021.
.NET Remote Code Execution Vulnerability
Severity: High. CVE-2022-41089 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet), Dec 14, 2022.
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Severity: High. CVE-2015-5163 was published for glance (pip), May 17, 2022.
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
Severity: High. CVE-2021-29434 was published for wagtail (pip), Apr 20, 2021.
Improper Certificate Validation in urllib3
Severity: High. CVE-2019-11324 was published for urllib3 (pip), Apr 19, 2019.
GitPython vulnerable to Remote Code Execution due to improper user input validation
Severity: Critical. CVE-2022-24439 was published for GitPython (pip), Dec 6, 2022.
Ansible password prompts could expose passwords
Severity: High. CVE-2019-10206 was published for ansible (pip), May 24, 2022.
Data leakage via cache key collision in Django
Severity: High. CVE-2020-13254 was published for Django (pip), Jun 5, 2020.
Improper Input Validation in PyYAML
Severity: Critical. CVE-2020-1747 was published for pyyaml (pip), Apr 20, 2021.
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
Severity: High. CVE-2018-8825 was published for tensorflow (pip), Apr 24, 2019.
Improper Restriction of XML External Entity Reference in python-docx
Severity: High. CVE-2016-5851 was published for python-docx (pip), May 13, 2022.
XML External Entity Injection in PyWPS
Severity: High. CVE-2021-39371 was published for pywps (pip), Sep 2, 2021.
PyKMIP Denial of service vulnerability
Severity: High. CVE-2018-1000872 was published for pykmip (pip), Dec 21, 2018.
ProTip! Advisories are also available from the GraphQL API.