Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,165 advisories

Loading
Unintended Require in larvitbase-www Moderate
GHSA-88h9-fc6v-jcw7 was published for larvitbase-www (npm) Sep 3, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Denial of Service in ecstatic Moderate
CVE-2019-10775 was published for ecstatic (npm) Dec 15, 2020
Potential XSS in jQuery dependency in Mirador Moderate
GHSA-hgwm-pv9h-q5m7 was published for mirador (npm) Sep 18, 2020
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Reflected XSS with parameters in PostComment Moderate
CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020
my3ker
Cross-Site Scripting in Grav Moderate
GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020
ShrubberyRubbery
XSS vulnerability in company name field in Mautic Moderate
CVE-2018-11200 was published for mautic/core (Composer) Jan 19, 2021
joanbono alanhartless
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
Cross-Site Scripting in mavon-editor Moderate
GHSA-jfcc-rm7f-xgf8 was published for mavon-editor (npm) Sep 3, 2020
Path Traversal within joomla/archive zip class Moderate
CVE-2021-26028 was published for joomla/archive (Composer) Mar 24, 2021
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
Outdated Static Dependency in vue-moment Moderate
GHSA-hrpp-f84w-xhfg was published for vue-moment (npm) Sep 4, 2020
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
JavaScript execution via malicious molfiles (XSS) Moderate
GHSA-2pwh-52h7-7j84 was published for de.ipb-halle:molecularfaces (Maven) Apr 16, 2021
NULL Pointer Dereference in Kubernetes CSI snapshot-controller Moderate
CVE-2020-8569 was published for github.com/kubernetes-csi/external-snapshotter/v2 (Go) Feb 15, 2022
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
GHSA-c6c4-7x48-4cqp was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
Out-of-Bounds read in stringstream Moderate
GHSA-qpw2-xchm-655q was published for stringstream (npm) Jan 6, 2022 withdrawn
OS Command Injection in node-notifier Moderate
CVE-2020-7789 was published for node-notifier (npm) Dec 21, 2020
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint Moderate
GHSA-7h5v-85w9-pq6c was published for matrix-synapse (pip) May 19, 2021
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database