Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

809 advisories

Loading
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Deserialization Code Execution in js-yaml Critical
CVE-2013-4660 was published for js-yaml (npm) Oct 24, 2017
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Remote Code Execution in npm-groovy-lint Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code... Critical Unreviewed
CVE-2021-42786 was published Mar 11, 2022
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2022-25498 was published Mar 16, 2022
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote... Critical Unreviewed
CVE-2022-27228 was published Mar 23, 2022
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the... Critical Unreviewed
CVE-2022-25757 was published Mar 29, 2022
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute... Critical Unreviewed
CVE-2021-39065 was published Dec 14, 2021
Imporoper path validation in elFinder.NetCore Critical
CVE-2021-23427 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to... Critical Unreviewed
CVE-2011-4124 was published Apr 22, 2022
Policies not properly enforced in OWASP Java HTML Sanitizer Critical
CVE-2021-42575 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Oct 19, 2021
Improper Input Validation in Spring AMQP Critical
CVE-2016-2173 was published for org.springframework.amqp:spring-amqp (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database