Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10,560 advisories

Loading
In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate
CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack Moderate
CVE-2019-16770 was published for puma (RubyGems) Dec 5, 2019
Cross-Site Scripting in serialize-javascript Moderate
CVE-2019-16769 was published for serialize-javascript (npm) Dec 5, 2019
Low severity vulnerability that affects com.linecorp.armeria:armeria Moderate
CVE-2019-16771 was published for com.linecorp.armeria:armeria (Maven) Dec 5, 2019
SunBK201
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Apache NiFi information disclosure by XXE Moderate
CVE-2019-10080 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Pomelo allows external control of critical state data Moderate
CVE-2019-18954 was published for pomelo (npm) Dec 2, 2019
Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
Unescaped exception messages in error responses in Jetty Moderate
CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2019
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript Moderate
CVE-2019-16763 was published for pannellum (npm) Nov 22, 2019
max-schaefer
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke Moderate
CVE-2019-12562 was published for DotNetNuke.Core (NuGet) Nov 18, 2019
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Lack of access control on upoaded files Moderate
CVE-2019-12245 was published for silverstripe/assets (Composer) Nov 12, 2019
Session fixation in change password form Moderate
CVE-2019-12203 was published for silverstripe/framework (Composer) Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly Moderate
CVE-2019-16409 was published for silverstripe/framework (Composer) Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability Moderate
CVE-2019-10909 was published for drupal/core (Composer) Nov 12, 2019
Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database