GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
118 advisories
Filter by severity
Cross-site Scripting in Apereo CAS
Moderate
CVE-2021-42567
was published
for
org.apereo.cas:cas-server-core-web
(Maven)
Dec 10, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-fxwm-rx68-p5vx
was published
for
ezsystems/ezplatform-richtext
(Composer)
Dec 1, 2021
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
ReDoS vulnerability in parser_apache2
Moderate
CVE-2021-41186
was published
for
fluentd
(RubyGems)
Nov 1, 2021
Improper Access Control in github.com/treeverse/lakefs
Moderate
GHSA-m836-gxwq-j2pm
was published
for
github.com/treeverse/lakefs
(Go)
Oct 28, 2021
Remote command injection when using sendmail email transport
Moderate
GHSA-wfrj-qqc2-83cm
was published
for
ghost
(npm)
Sep 20, 2021
Deserialization of Untrusted Data in ParlAI
Moderate
CVE-2021-24040
was published
for
parlai
(pip)
Sep 13, 2021
XSS vulnerability on password reset page
Moderate
CVE-2021-27909
was published
for
mautic/core
(Composer)
Sep 1, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
CVE-2021-33605
was published
for
com.vaadin:vaadin-checkbox-flow
(Maven)
Aug 30, 2021
Error on unsupported architectures in raw-cpuid
Moderate
CVE-2021-26307
was published
for
raw-cpuid
(Rust)
Aug 25, 2021
mio invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35922
was published
for
mio
(Rust)
Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators
Moderate
CVE-2020-35923
was published
for
ordered-float
(Rust)
Aug 25, 2021
Mutable reference with immutable provenance in image
Moderate
CVE-2020-35916
was published
for
image
(Rust)
Aug 25, 2021
Unexpected panic when decoding tokens in branca
Moderate
CVE-2020-35918
was published
for
branca
(Rust)
Aug 25, 2021
HTTPS MitM vulnerability due to lack of hostname verification
Moderate
CVE-2016-10932
was published
for
hyper
(Rust)
Aug 25, 2021
qiita-markdown Cross-site Scripting vulnerability
Moderate
CVE-2021-28833
was published
for
qiita-markdown
(RubyGems)
Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Information Disclosure in User Authentication
Moderate
CVE-2021-32767
was published
for
typo3/cms
(Composer)
Jul 26, 2021
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
Missing Release of Memory after Effective Lifetime in Apache Tika
Moderate
CVE-2020-9489
was published
for
org.apache.tika:tika
(Maven)
May 7, 2021
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API