Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion High
CVE-2024-54149 was published for winter/wn-cms-module (Composer) Dec 9, 2024
bennothommo
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
Microsoft Outlook Remote Code Execution Vulnerability High Unreviewed
CVE-2024-30103 was published Jun 11, 2024
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This... High Unreviewed
CVE-2023-23844 was published Jul 26, 2023
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of... High Unreviewed
CVE-2020-14372 was published May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)... High Unreviewed
CVE-2021-1133 was published May 24, 2022
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute... High Unreviewed
CVE-2015-5946 was published May 17, 2022
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly... High Unreviewed
CVE-2018-16863 was published May 13, 2022
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and... High Unreviewed
CVE-2018-6383 was published May 13, 2022
Denial of Service in http-proxy High
GHSA-6x33-pw7p-hmpq was published for http-proxy (npm) Sep 4, 2020
chalbersma
Deserialization of Untrusted Data in jackson-databind High
CVE-2018-5968 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 30, 2020
sunSUNQ
private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database