GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
41 advisories
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
Regular Expression Denial of Service in debug
Low
CVE-2017-16137
was published
for
debug
(npm)
Aug 9, 2018
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Critical
CVE-2018-19360
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Regular Expression Denial of Service in clean-css
Low
GHSA-wxhq-pm8v-cw75
was published
for
clean-css
(npm)
Jun 5, 2019
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Inefficient Regular Expression Complexity in chalk/ansi-regex
High
CVE-2021-3807
was published
for
ansi-regex
(npm)
Sep 20, 2021
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Inefficient Regular Expression Complexity in Validator.js
Moderate
GHSA-xx4c-jj58-r7x6
was published
for
validator
(npm)
Nov 19, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9544
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Open Redirect in xdLocalStorage
Moderate
CVE-2020-11611
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Arbitrary expression injection in Pillow
Critical
CVE-2022-22817
was published
for
Pillow
(pip)
Jan 12, 2022
Laravel Sensitive Data Exposure
Moderate
CVE-2017-14775
was published
for
illuminate/auth
(Composer)
May 17, 2022
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
Silverstripe Flash Clipboard Reflected XSS
Moderate
CVE-2019-12205
was published
for
silverstripe/admin
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API