GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,605 advisories

Open redirect in Slashify Moderate
CVE-2021-3189 was published for slashify (npm) Feb 5, 2021
Cross-site scripting in Bleach Moderate
CVE-2021-23980 was published for bleach (pip) Feb 2, 2021
CKEditor 5 Markdown plugin Regular expression Denial of Service Moderate
CVE-2021-21254 was published for @ckeditor/ckeditor5-markdown-gfm (npm) Jan 29, 2021
XSS in Flarum Sticky extension Moderate
CVE-2021-21283 was published for flarum/sticky (Composer) Jan 29, 2021
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
Cross Site Scripting (XSS) in XWiki Moderate
CVE-2021-3137 was published for org.xwiki.commons:xwiki-commons (Maven) Jan 29, 2021
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
nornagon decsecre583
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
CORS misconfiguration in socket.io Moderate
CVE-2020-28481 was published for socket.io (npm) Jan 20, 2021
CSV Injection vulnerability with exported contact lists in Mautic Moderate
CVE-2018-8092 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in company name field in Mautic Moderate
CVE-2018-11200 was published for mautic/core (Composer) Jan 19, 2021
joanbono alanhartless
Inline JS XSS vulnerability in Mautic Moderate
CVE-2017-1000488 was published for mautic/core (Composer) Jan 19, 2021
alanhartless
XSS vulnerability in theme config file in Mautic Moderate
CVE-2018-8071 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in Author URL of themes in Mautic Moderate
CVE-2018-11198 was published for mautic/core (Composer) Jan 19, 2021
joanbono
Mautic users able to download any files from server using filemanager Moderate
CVE-2017-1000490 was published for mautic/core (Composer) Jan 19, 2021
rails_admin ruby gem XSS vulnerability Moderate
CVE-2020-36190 was published for rails_admin (RubyGems) Jan 14, 2021
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
Signature validation bypass in ServiceStack Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) Jan 13, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
lxml vulnerable to Cross-site Scripting Moderate
CVE-2020-27783 was published for lxml (pip) Jan 7, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
Hostname spoofing via backslashes in URL Moderate
CVE-2020-26291 was published for urijs (npm) Dec 30, 2020
alesandroortiz
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability Moderate
CVE-2020-26247 was published for nokogiri (RubyGems) Dec 30, 2020
eric-therond