GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

137,163 advisories

Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript Moderate
CVE-2019-16763 was published for pannellum (npm) Nov 22, 2019
max-schaefer
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file Moderate
CVE-2016-10526 was published for grunt-gh-pages (npm) Feb 18, 2019
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
cookie-signature Timing Attack Moderate
CVE-2016-1000236 was published for cookie-signature (npm) Jan 6, 2020
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-pgjv-jrg2-gq3v was published for dompurify (pip) Jan 11, 2023
dompurify vulnerable to Cross-site Scripting Moderate
GHSA-h6p3-p4vx-wr8q was published for dompurify (pip) Jan 11, 2023
XML-RPC for PHP's debugger vulnerable to possible XSS attack Moderate
GHSA-pxqj-xrv5-qvjf was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method Moderate
GHSA-m95x-m25c-w9mp was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
`array!` macro is unsound when its length is impure constant Moderate
GHSA-7v4j-8wvr-v55r was published for array-macro (Rust) Jun 16, 2022
sugar700
Path traversal for local publishers in TechDocs backend Moderate
GHSA-4jqc-jvh2-pxg9 was published for @backstage/plugin-techdocs-node (npm) Jun 17, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON Moderate
GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) Jun 17, 2022
AtomicBucket<T> unconditionally implements Send/Sync Moderate
GHSA-3hxh-7jxm-59x4 was published for metrics-util (Rust) Jun 17, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-6888-wf7j-34jq was published for crossbeam-queue (Rust) Jun 16, 2022
vec-const attempts to construct a Vec from a pointer to a const slice Moderate
GHSA-jmwx-r3gq-qq3p was published for vec-const (Rust) Jun 17, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-8gj8-hv75-gp94 was published for crossbeam (Rust) Jun 16, 2022
Use After Free in Context::start_auth_session Moderate
GHSA-w3vw-ccc5-qr8v was published for tss-esapi (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
Formula Injection in Exported Data Moderate
GHSA-7rq4-qcpw-74gq was published for inventree (pip) Jun 17, 2022
saharshtapi
Uncontrolled Resource Consumption in Spray JSON Moderate
CVE-2018-18855 was published for io.spray:spray-json (Maven) Jun 28, 2022
Potential segfault in `localtime_r` invocations Moderate
GHSA-cqpr-pcm7-m3jc was published for chrono (Rust) Jun 16, 2022 withdrawn
sugar700 penberg
DOS and excessive memory usage when passing untrusted user input to dag import Moderate
GHSA-f2gr-7299-487h was published for github.com/ipfs/go-ipfs (Go) Jul 6, 2022
Jorropo avivdolev