GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,602 advisories

malicious SVG attachment causing stored XSS vulnerability Moderate
CVE-2020-15275 was published for moin (pip) Nov 11, 2020
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Cross-site Scripting in Strapi Moderate
CVE-2020-27666 was published for strapi-plugin-content-manager (npm) Oct 29, 2020
Command Injection in systeminformation Moderate
CVE-2020-26300 was published for systeminformation (npm) Oct 27, 2020
Unauthorized privilege escalation in Mod module Moderate
CVE-2020-15278 was published for red-discordbot (pip) Oct 27, 2020
Jackenmen
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
receiving subscription objects with deleted session Moderate
CVE-2020-15270 was published for parse-server (npm) Oct 27, 2020
davimacedo maxiqsoft
Arbitrary Code Execution in blazar-dashboard Moderate
CVE-2020-26943 was published for blazar-dashboard (pip) Oct 27, 2020
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint Moderate
CVE-2020-26891 was published for matrix-synapse (pip) Oct 16, 2020
dkasak
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
Privilege Escalation in Channelmgnt plug-in for Sopel Moderate
CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) Oct 13, 2020
RhinosF1
Cross-site Scripting in Joplin Moderate
CVE-2020-9038 was published for joplin (npm) Oct 13, 2020
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
XSS vulnerability when listing users on add & modify server pages. Moderate
GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
sergejostir
Cross-Site Scripting in ternary conditional operator Moderate
CVE-2020-15241 was published for typo3/cms (Composer) Oct 8, 2020
billdagou NamelessCoder
Open Redirect in Next.js versions Moderate
CVE-2020-15242 was published for next (npm) Oct 8, 2020
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Possible timing attack in derivation_endpoint Moderate
CVE-2020-15237 was published for shrine (RubyGems) Oct 5, 2020
esparta
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Denial of service in tensorflow-lite Moderate
CVE-2020-15213 was published for tensorflow (pip) Sep 25, 2020
Out of bounds access in tensorflow-lite Moderate
CVE-2020-15211 was published for tensorflow (pip) Sep 25, 2020
Segfault and data corruption in tensorflow-lite Moderate
CVE-2020-15207 was published for tensorflow (pip) Sep 25, 2020
ProTip! Advisories are also available from the GraphQL API