Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,163 advisories

Loading
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Sysctls applied to containers with host IPC or host network namespaces can affect the host Moderate
GHSA-w2j5-3rcx-vx7x was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
haircommander
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Possibility for Denial of Service by overwriting PHP files with language exports Moderate
GHSA-3fvf-2gp4-89wq was published for barryvdh/laravel-translation-manager (Composer) Mar 18, 2022
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Opened exploitable ports in default docker-compose.yaml in go-ipfs Moderate
GHSA-fx5p-f64h-93xc was published for github.com/ipfs/go-ipfs (Go) Apr 4, 2022
Winterhuman
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
Denial of service Moderate
CVE-2019-16764 was published for pow_assent (Erlang) Apr 12, 2022
XML Injection in Xerces Java affects Nokogiri Moderate
GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) Apr 11, 2022
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
yetingli G-Rath
Session fixation Moderate
CVE-2020-5205 was published for pow (Erlang) Apr 12, 2022
Cross-site Scripting in xain Moderate
CVE-2018-20302 was published for xain (Erlang) Apr 12, 2022
Missing `is_nil` requirement Moderate
GHSA-2xxx-fhc8-9qvq was published for ecto (Erlang) Apr 12, 2022
XSS in HEEx class attributes Moderate
GHSA-j3gg-r6gp-95q2 was published for phoenix_html (Erlang) Apr 12, 2022
Denial-of-service vulnerability processing large chat messages containing many newlines Moderate
GHSA-gj94-v4p9-w672 was published for pocketmine/pocketmine-mp (Composer) May 25, 2022
Header Injection Moderate
CVE-2018-1000883 was published for plug (Erlang) Apr 12, 2022
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc Moderate
GHSA-cf4q-4cqr-7g7w was published for xml2rfc (pip) Apr 22, 2022
`CHECK` failure in depthwise ops via overflows Moderate
GHSA-mw6j-hh29-h379 was published for tensorflow (pip) May 25, 2022
XSS in various backend modules due to (un)escaping in JS notification module Moderate
GHSA-jfxf-4frr-9j3q was published for neos/neos (Composer) May 25, 2022
GitHub CLI can execute a git binary from the current directory Moderate
GHSA-fqfh-778m-2v32 was published for github.com/cli/cli (Go) Feb 11, 2022
dawidgolunski avivdolev
Arbitrary File Write via Archive Extraction in mholt/archiver Moderate
CVE-2018-1002207 was published for github.com/mholt/archiver (Go) Feb 15, 2022
avivdolev
nftables binding to an already bound chain Moderate
GHSA-jr8j-2jhp-m67v was published for github.com/siderolabs/talos (Go) Sep 16, 2022
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
`cell-project` used incorrect variance when projecting through `&Cell<T>` Moderate
GHSA-p75v-367r-2v23 was published for cell-project (Rust) Sep 16, 2022
Marked ReDoS due to email addresses being evaluated in quadratic time Moderate
GHSA-xf5p-87ch-gxw2 was published for marked (npm) Jun 5, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database