Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,154 advisories

Loading
netmask npm package mishandles octal input data Moderate
CVE-2021-29418 was published for netmask (npm) Mar 29, 2021
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Hostname spoofing via backslashes in URL Moderate
CVE-2020-26291 was published for urijs (npm) Dec 30, 2020
alesandroortiz
CHECK-fail in LSTM with zero-length input in TensorFlow Moderate
CVE-2020-26270 was published for tensorflow (pip) Dec 10, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Heap buffer overflow in Tensorflow Moderate
CVE-2020-15201 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow Moderate
CVE-2020-15197 was published for tensorflow (pip) Sep 25, 2020
Undefined behavior in Tensorflow Moderate
CVE-2020-15191 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow Moderate
CVE-2020-15194 was published for tensorflow (pip) Sep 25, 2020
Memory leak in Tensorflow Moderate
CVE-2020-15192 was published for tensorflow (pip) Sep 25, 2020
Segfault in Tensorflow Moderate
CVE-2020-15190 was published for tensorflow (pip) Sep 25, 2020
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
Incorrect signature verification in SimpleSAMLphp Moderate
CVE-2016-9955 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
thijskh
Improper input validation in Apache Santuario XML Security for Java Moderate
CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven) Aug 27, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Improper Input Validation in Apache Archiva Moderate
CVE-2019-0214 was published for org.apache.archiva:archiva (Maven) May 14, 2019
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 Moderate
CVE-2018-1000873 was published for com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (Maven) Dec 21, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database