GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Signature Validation Bypass
Critical
GHSA-5684-g483-2249
was published
for
github.com/russellhaering/gosaml2
(Go)
May 24, 2021
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Auth bypass in SAML provider
Critical
GHSA-433w-mm6h-rv9p
was published
for
github.com/netlify/gotrue
(Go)
Jun 23, 2021
@actions/core has Delimiter Injection Vulnerability in exportVariable
Moderate
CVE-2022-35954
was published
for
@actions/core
(npm)
Aug 18, 2022
Misinterpretation of malicious XML input
Moderate
CVE-2021-21366
was published
for
xmldom
(npm)
Mar 12, 2021
Denial of Service in graphql-go
Moderate
CVE-2022-21708
was published
for
github.com/graph-gophers/graphql-go
(Go)
Jan 27, 2022
Authentication Bypass in github.com/russellhaering/gosaml2
Critical
CVE-2020-29509
was published
for
github.com/russellhaering/gosaml2
(Go)
Feb 11, 2022
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Critical security issues in XML encoding in github.com/dexidp/dex
Critical
CVE-2020-26290
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
KaTeX's maxExpand bypassed by `\edef`
Moderate
CVE-2024-28243
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
CVE-2024-28244
was published
for
katex
(npm)
Mar 25, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API