GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,636
NuGet
638
pip
3,254
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
7,038 advisories
Filter by severity
Mistune vulnerable to catastrophic backtracking
High
CVE-2022-34749
was published
for
mistune
(pip)
Jul 26, 2022
Incorrect header handling in mod-wsgi
High
CVE-2022-2255
was published
for
mod-wsgi
(pip)
Aug 26, 2022
MoinMoin has improper default configuration
High
CVE-2010-0717
was published
for
moin
(pip)
May 2, 2022
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
High
CVE-2023-30620
was published
for
mindsdb
(pip)
Mar 30, 2023
Keycloak Open Redirect vulnerability
High
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
CoreDNS vulnerable to TuDoor Attacks
High
CVE-2023-28452
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
High
CVE-2023-38886
was published
for
dolibarr/dolibarr
(Composer)
Sep 20, 2023
FUXA local file inclusion vulnerability
High
CVE-2023-31718
was published
for
fuxa-server
(npm)
Sep 22, 2023
FUXA vulnerable to Local File Inclusion
High
CVE-2023-31716
was published
for
@frangoteam/fuxa
(npm)
Sep 22, 2023
OpenStack Neutron Denial of Service vulnerability
High
CVE-2021-40797
was published
for
neutron
(pip)
May 24, 2022
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
Mercurial Improper Input Validation vulnerability
High
CVE-2018-13346
was published
for
mercurial
(pip)
May 13, 2022
Mercurial Improper Input Validation vulnerability
High
CVE-2018-13348
was published
for
mercurial
(pip)
May 13, 2022
modoboa vulnerable to Cross-Site Request Forgery
High
CVE-2023-2228
was published
for
modoboa
(pip)
Apr 21, 2023
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
High
CVE-2024-39928
was published
for
org.apache.linkis:linkis-engineplugin-spark
(Maven)
Sep 25, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Modoboa is vulnerable to an XML External Entity Injection (XXE)
High
CVE-2019-19702
was published
for
modoboa-dmarc
(pip)
May 24, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High
CVE-2022-24798
was published
for
irrd
(pip)
Apr 1, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High
CVE-2018-16849
was published
for
mistral
(pip)
May 13, 2022
JSNAPy allows unprivileged local users to alter files under the directory
High
CVE-2018-0023
was published
for
jsnapy
(pip)
Jul 12, 2018
Keylime: unhandled exceptions could lead to invalid attestation states
High
CVE-2022-3500
was published
for
Keylime
(pip)
Oct 28, 2022
ProTip!
Advisories are also available from the
GraphQL API