GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,161 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
Package discontinued because Bitly lowered the free quota
Low
GHSA-ggrh-grj3-vfvw
was published
for
bitlyshortener
(pip)
Nov 28, 2022
Incorrect default cookie name and recommendation
Low
GHSA-jjmg-x456-w976
was published
for
csrf-csrf
(npm)
Oct 10, 2022
Insecure Credential Storage in web3
Low
GHSA-27v7-qhfv-rqq8
was published
for
web3
(npm)
May 30, 2019
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Regular Expression Denial of Service in is-my-json-valid
Low
GHSA-4x7c-cx64-49w8
was published
for
is-my-json-valid
(npm)
Aug 19, 2020
•
withdrawn
Regular Expression Denial of Service in braces
Low
GHSA-g95f-p29q-9xw4
was published
for
braces
(npm)
Jun 6, 2019
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Undefined Behavior in sailsjs-cacheman
Low
GHSA-5w65-6875-rhq8
was published
for
sailsjs-cacheman
(npm)
Sep 11, 2019
Unencrypted passwords
Low
GHSA-q594-2475-8v9f
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
Feb 24, 2021
•
withdrawn
Cross-site scripting in SimpleSAMLphp
Low
CVE-2020-5226
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Password Hashing: Do not use MD5
Low
CVE-2020-5229
was published
for
org.opencastproject:opencast-common-jpa-impl
(Maven)
Jan 30, 2020
Request smuggling is possible when both chunked TE and content length specified
Low
CVE-2020-5207
was published
for
io.ktor:ktor-client-cio
(Maven)
Jan 27, 2020
Ability to switch channels via GET parameter enabled in production environments
Low
CVE-2020-5218
was published
for
sylius/sylius
(Composer)
Jan 31, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
ProTip!
Advisories are also available from the
GraphQL API