GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
CoreDNS Cache Poisoning via a birthday attack
Moderate
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate
CVE-2024-21494
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Header spoofing in caddy-geo-ip
Moderate
CVE-2023-50463
was published
for
github.com/shift72/caddy-geo-ip
(Go)
Dec 11, 2023
pretix potential IP address spoofing vulnerability
Moderate
CVE-2023-44463
was published
for
pretix
(pip)
Oct 2, 2023
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Moderate
CVE-2022-2368
was published
for
microweber/microweber
(Composer)
Jul 12, 2022
Django WSGI Header Spoofing Vulnerability
Moderate
CVE-2015-0219
was published
for
Django
(pip)
May 17, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
Verification check bypass in Gate One
Moderate
CVE-2020-19003
was published
for
gateone
(pip)
Oct 12, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Verification flaw in Solid identity-token-verifier
Moderate
GHSA-xmh9-rg6f-j3mr
was published
for
@solid/identity-token-verifier
(npm)
Mar 12, 2021
2FA bypass in Wagtail through new device path
Moderate
CVE-2019-16766
was published
for
wagtail-2fa
(pip)
Nov 29, 2019
ProTip!
Advisories are also available from the
GraphQL API