GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,495 advisories
Filter by severity
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization
High
GHSA-6h2x-4gjf-jc5w
was published
for
autogluon.multimodal
(pip)
Sep 21, 2022
Denial of service in ASP.NET Core
High
CVE-2018-8269
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
High
GHSA-q2fj-6h62-59m2
was published
for
io.apiman:apiman-distro-vertx
(Maven)
Dec 30, 2022
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
High
GHSA-h864-m8vm-3xvj
was published
for
oqs
(Rust)
Aug 18, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd
High
GHSA-j92c-mmf7-j5x5
was published
for
github.com/cheqd/cheqd-node
(Go)
Oct 18, 2022
PocketMine-MP invalid skin geometry JSON data leading to server crash
High
GHSA-8cwq-4cmf-px73
was published
for
pocketmine/pocketmine-mp
(Composer)
Aug 18, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
High
GHSA-3qmc-2r76-4rqp
was published
for
@redwoodjs/api
(npm)
Nov 10, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
High
GHSA-pcjh-6r5h-r92r
was published
for
django-sendfile2
(pip)
Aug 11, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
High
GHSA-c439-chv8-8g2j
was published
for
os_socketaddr
(Rust)
Sep 2, 2022
Prometheus vulnerable to basic authentication bypass
High
GHSA-4v48-4q5m-8vx4
was published
for
github.com/prometheus/prometheus
(Go)
Dec 5, 2022
Keycloak vulnerable to uncontrolled resource consumption
High
CVE-2014-3651
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Keycloak vulnerable to infinite loop based Denial of Service
High
CVE-2017-2646
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
High
CVE-2016-7051
was published
for
com.fasterxml.jackson.dataformat:jackson-dataformat-xml
(Maven)
Oct 18, 2018
OrientDB-Server vulnerable to Cross-Site Request Forgery
High
CVE-2015-2912
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
High
CVE-2022-2668
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Parse Server before v3.4.1 vulnerable to Denial of Service
High
CVE-2019-1020012
was published
for
parse-server
(npm)
Jun 13, 2019
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
ckb type_id script resume may randomly fail
High
GHSA-mcmr-49x3-4jqm
was published
for
ckb
(Rust)
Nov 2, 2022
Phoenix-ws source code and data in extensions folder is publicly available
High
GHSA-c8f7-x2g7-7fxj
was published
for
phoenix-ws
(pip)
Jun 2, 2022
Improper handling of multiline messages in node-irc
High
GHSA-52rh-5rpj-c3w6
was published
for
matrix-org-irc
(npm)
May 5, 2022
ProTip!
Advisories are also available from the
GraphQL API