Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
Improper random reading in CIRCL Moderate
CVE-2023-1732 was published for github.com/cloudflare/circl (Go) May 11, 2023
XWiki Platform vulnerable to page render failure due to broken translations Moderate
CVE-2023-29520 was published for org.xwiki.platform:xwiki-platform-localization-source-wiki (Maven) Apr 20, 2023
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
darakian
Cilium eBPF filters may be temporarily removed during agent restart Moderate
CVE-2023-27595 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ldelossa ti-mo
aanm
xwiki vulnerable to Improper Handling of Exceptional Conditions Moderate
CVE-2023-26479 was published for org.xwiki.platform:xwiki-platform-rendering-parser (Maven) Mar 3, 2023
go-merkledag's ProtoNode may be modified such that common method calls may panic High
CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) Dec 8, 2022
mrd0ll4r
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List High
CVE-2022-23496 was published for nl.basjes.parse.useragent:yauaa (Maven) Dec 8, 2022
binary-1024
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit Moderate
CVE-2022-41777 was published for nadesiko3 (npm) Dec 5, 2022
Traefik HTTP/2 connections management could cause a denial of service High
CVE-2022-39271 was published for github.com/traefik/traefik/v2 (Go) Oct 10, 2022
rdiffweb Missing Custom Error Page Moderate
CVE-2022-3175 was published for rdiffweb (pip) Sep 14, 2022
Denial of service due to incorrect application of event authorization rules High
CVE-2022-31152 was published for matrix-synapse (pip) Aug 31, 2022
Directus vulnerable to unhandled exception on illegal filename_disk value Moderate
CVE-2022-36031 was published for directus (npm) Aug 30, 2022
wgorecki
Improper Handling of Exceptional Conditions in Newtonsoft.Json High
CVE-2024-21907 was published for Newtonsoft.Json (NuGet) Jun 22, 2022
ezsilmar JamesNK
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
Improper Handling of Exceptional Conditions in Apache Tomcat High
CVE-2017-5664 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
OpenStack Neutron's unsupported dport option prevents applying security groups High
CVE-2019-9735 was published for neutron (pip) May 13, 2022
XMLTooling Library Incorrectly Handles Some Exceptions High
CVE-2019-9628 was published for org.opensaml:xmltooling (Maven) May 13, 2022 withdrawn
njuneau-coveo twn
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
simpleSAMLphp incorrectly handles XML encryption High
CVE-2011-4625 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2022
Improper Handling of Exceptional Conditions inn metadata-extractor Moderate
CVE-2022-24613 was published for com.drewnoakes:metadata-extractor (Maven) Feb 25, 2022
ZGorlock
Uncaught Exception in zip4j Moderate
CVE-2022-24615 was published for net.lingala.zip4j:zip4j (Maven) Feb 25, 2022
srikanth-lingala
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty High
CVE-2020-5403 was published for io.projectreactor.netty:reactor-netty-http (Maven) Feb 10, 2022
Uncaught Exception in engine.io High
CVE-2022-21676 was published for engine.io (npm) Jan 13, 2022
marwej
Denial of Service in soketi High
CVE-2022-21667 was published for @soketi/soketi (npm) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database