Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,824 advisories

Improper hashing in enrocrypt High
CVE-2021-39182 was published for enrocrypt (pip) Nov 10, 2021
NULL pointer derefernce in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
Improper Privilege Management in Spring Framework High
CVE-2021-22118 was published for org.springframework:spring-web (Maven) May 24, 2022
catch22out
PHPServerMon PRNG has Insufficient Entropy Moderate
CVE-2021-4241 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free High
CVE-2021-3518 was published for nokogiri (RubyGems) May 24, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
xxl-job sensitive data exposure High
CVE-2020-23811 was published for com.xuxueli:xxl-job (Maven) May 24, 2022
silverstripe-advancedreports vulnerable to XSS Moderate
CVE-2020-25102 was published for silverstripe-australia/advancedreports (Composer) May 24, 2022
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following Moderate
CVE-2021-4287 was published for binwalk (pip) Dec 27, 2022
ke_search for Typo3 XSS Vulnerability Moderate
CVE-2020-15517 was published for tpwd/ke_search (Composer) May 24, 2022
GleamTech FileUltimate Cross-site Scripting Moderate
CVE-2020-15015 was published for GleamTech.FileUltimate (NuGet) May 24, 2022
Mattermost Server Sensitive Data Exposure Moderate
CVE-2020-14457 was published for github.com/mattermost/mattermost (Go) May 24, 2022
Spoon Library as used in Fork CMS allows PHP object injection Critical
CVE-2019-15521 was published for spoon/library (Composer) May 24, 2022
Total.js CMS Path Traversal High
CVE-2019-15952 was published for total4 (npm) May 24, 2022
Total.js CMS Unauthorized Access High
CVE-2019-15953 was published for total4 (npm) May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
LibreNMS Information Disclosure Critical
CVE-2019-10665 was published for librenms/librenms (Composer) May 24, 2022
Gophish XSS Vulnerability Moderate
CVE-2019-16146 was published for github.com/gophish/gophish (Go) May 24, 2022
Elastic APM agent for Python client CGI proxy redirection flaw High
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
Pimcore RCE via PHAR upload High
CVE-2019-16317 was published for pimcore/pimcore (Composer) May 24, 2022
Cross-site Scripting in Apache JSPWiki Moderate
CVE-2019-12407 was published for org.apache.jspwiki:jspwiki-main (Maven) May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API