GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

460 advisories

python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate High
CVE-2013-4111 was published for python-glanceclient (pip) May 14, 2022
python-bugzilla has improper validation of X.509 certificates High
CVE-2013-2191 was published for python-bugzilla (pip) May 14, 2022
Django Allows Open Redirects High
CVE-2014-3730 was published for Django (pip) May 14, 2022
Django Incorrectly Validates URLs High
CVE-2014-0480 was published for Django (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
Pillow denial of service via PNG bomb High
CVE-2014-9601 was published for pillow (pip) May 14, 2022
Pillow denial of service via Crafted Block Size High
CVE-2014-3589 was published for pillow (pip) May 14, 2022
Ansible Arbitrary Code Execution High
CVE-2014-3498 was published for ansible (pip) May 14, 2022
Apache Struts Code injection due to conversion error High
CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Improper Input Validation in Apache Spark High
CVE-2018-11804 was published for org.apache.spark:spark-core (Maven) May 14, 2022
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
Sylabs Singularity Improper Input Validation High
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022
Withdrawn Advisory: OnionShare Predictable Pathname High
CVE-2018-19960 was published for onionshare-cli (pip) May 14, 2022 withdrawn
Improper Input Validation Apache Commons Email High
CVE-2018-1294 was published for org.apache.commons:commons-email (Maven) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Apache Struts forced double OGNL evaluation High
CVE-2016-4461 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
SimpleSAMLphp InfoCard module Incorrect signature verification High
CVE-2017-12874 was published for simplesamlphp/simplesamlphp-module-infocard (Composer) May 14, 2022
Improper Input Validation in Jenkins High
CVE-2017-1000394 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Input Validation in Jenkins High
CVE-2017-1000391 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
mod_cluster Denial of Service vulnerability High
CVE-2016-3110 was published for org.jboss.mod_cluster:mod_cluster-parent (Maven) May 14, 2022
SimpleSAMLphp Authentication context bypass in the multiauth module High
CVE-2017-12869 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
GitHub Git LFS Arbitrary command execution vulnerability High
CVE-2017-17831 was published for github.com/git-lfs/git-lfs (Go) May 14, 2022
ProTip! Advisories are also available from the GraphQL API