Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack Moderate
CVE-2022-38179 was published for io.ktor:ktor (Maven) Aug 13, 2022
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream... Moderate Unreviewed
CVE-2022-35091 was published Sep 25, 2022
Incorrect Comparison in NumPy Moderate
CVE-2021-34141 was published for numpy (pip) Dec 18, 2021
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent... Moderate Unreviewed
CVE-2022-22203 was published Jul 21, 2022
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
Regular expression denial of service in react-native High
CVE-2020-1920 was published for react-native (npm) Jul 20, 2021
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a... Critical Unreviewed
CVE-2021-27786 was published Jun 10, 2022
chatwoot is vulnerable to Inefficient Regular Expression Complexity High Unreviewed
CVE-2021-3649 was published May 24, 2022
In search engine service, there is a possible way to change the default search engine due to an... Moderate Unreviewed
CVE-2022-20072 was published Apr 12, 2022
Incorrect Comparison in Vyper High
GHSA-7vrm-3jc8-5wwm was published for vyper (pip) Apr 4, 2022
False-positive validity for NFT1 genesis transactions Critical
CVE-2020-15131 was published for slp-validate (npm) Jul 30, 2020
False-positive validity for NFT1 genesis transactions in SLPJS Critical
CVE-2020-15130 was published for slpjs (npm) Jul 30, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database