GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Excessive memory allocation
Moderate
CVE-2018-12541
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
High
CVE-2022-39386
was published
for
@fastify/websocket
(npm)
Nov 7, 2022
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-36745
was published
for
librenms/librenms
(Composer)
Aug 31, 2022
etcd user credentials are stored in WAL logs in plaintext
Low
GHSA-528j-9r78-wffx
was published
for
go.etcd.io/etcd/client/v3
(Go)
Oct 6, 2022
Ambiguous OCI manifest parsing
Low
GHSA-5j5w-g665-5m35
was published
for
github.com/containerd/containerd
(Go)
Nov 18, 2021
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
Velociraptor subject to Path Traversal
Moderate
CVE-2023-0290
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jan 19, 2023
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-7p7c-pvvx-2vx3
was published
for
hyper-staticfile
(Rust)
Dec 5, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Moderate
CVE-2019-15479
was published
for
status-board
(npm)
Sep 23, 2019
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
User login denial of service in github.com/google/fscrypt
Moderate
CVE-2022-25327
was published
for
github.com/google/fscrypt
(Go)
Feb 26, 2022
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
High
CVE-2023-22895
was published
for
bzip2
(Rust)
Jan 10, 2023
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low
CVE-2022-3867
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
XSS in Image Optimization API for Next.js
High
CVE-2021-39178
was published
for
next
(npm)
Sep 1, 2021
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
ProTip!
Advisories are also available from the
GraphQL API