GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
373 advisories
Filter by severity
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Moderate severity vulnerability that affects mailman
Moderate
CVE-2018-13796
was published
for
mailman
(pip)
Sep 11, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
ReDOS vulnerabities: multiple grammars
Moderate
GHSA-7wwv-vh3v-89cq
was published
for
@highlightjs/cdn-assets
(npm)
Dec 4, 2020
Man-in-the-middle attack in Apache Axis
Moderate
CVE-2012-5784
was published
for
axis:axis
(Maven)
Oct 7, 2020
Directory traversal in development mode handler in Vaadin 14 and 15-17
Moderate
GHSA-82mf-mmh7-hxp5
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Improper Input Validation in OpenCV
Moderate
CVE-2016-1517
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Unexpected panics in num-bigint
Moderate
GHSA-v935-pqmr-g8v9
was published
for
num-bigint
(Rust)
Nov 3, 2021
Permissive parameters and privilege escalation
Moderate
CVE-2018-20301
was published
for
coherence
(Erlang)
Feb 10, 2022
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
Improper Input Validation in pyload-ng
Moderate
CVE-2023-0434
was published
for
pyload-ng
(pip)
Jan 22, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
Improper Input Validation in url-js
Moderate
CVE-2022-25839
was published
for
url-js
(npm)
Mar 12, 2022
Login screen allows message spoofing if SSO is enabled
Moderate
CVE-2022-24905
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Missing validation causes `TensorSummaryV2` to crash
Moderate
CVE-2022-29193
was published
for
tensorflow
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API