GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
PyOpenSSL Use-After-Free vulnerability
High
CVE-2018-1000807
was published
for
pyopenssl
(pip)
Oct 10, 2018
AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-32175
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 11, 2022
Cross-Site Scripting in swagger-ui
High
CVE-2016-1000233
was published
for
swagger-ui
(npm)
Sep 1, 2020
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
Improper Certificate Validation in urllib3
High
CVE-2019-11324
was published
for
urllib3
(pip)
Apr 19, 2019
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
Password stored in plain text by Jenkins Nomad Plugin
Moderate
CVE-2021-21681
was published
for
org.jenkins-ci.plugins:nomad
(Maven)
May 24, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2011-0448
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Regular Expression Denial of Service in tough-cookie
High
CVE-2017-15010
was published
for
tough-cookie
(npm)
Jul 24, 2018
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
Stack consumption in trust-dns-server
High
CVE-2020-35857
was published
for
trust-dns-server
(Rust)
Aug 25, 2021
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
High
CVE-2017-7675
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Vault GitHub Action did not correctly mask multi-line secrets in output
High
CVE-2021-32074
was published
for
hashicorp/vault-action
(GitHub Actions)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API