GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
256,257 advisories
Filter by severity
Improper Input Validation in yargs-parser
Moderate
Unreviewed
GHSA-ghmj-crg5-xw2j
was published
Feb 15, 2022
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ...
Moderate
Unreviewed
CVE-2020-0905
was published
May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to...
Moderate
Unreviewed
CVE-2021-37352
was published
May 24, 2022
Server secret was included in static assets and served to clients
Critical
GHSA-r587-7jh2-4qr3
was published
for
flood
(npm)
Aug 26, 2020
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Ghost vulnerable to remote code execution in locale setting change
Moderate
GHSA-7v28-g2pq-ggg8
was published
for
ghost
(npm)
Jun 17, 2022
owning_ref vulnerable to multiple soundness issues
Moderate
GHSA-9qxh-258v-666c
was published
for
owning_ref
(Rust)
Aug 10, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
Reflected XSS on clients-registrations endpoint
Moderate
GHSA-m98g-63qj-fp8j
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 28, 2022
lz4-sys vulnerable to memory corruption via issue in liblz4
Critical
GHSA-9q5j-jm53-v7vr
was published
for
lz4-sys
(Rust)
Sep 1, 2022
matrix-sdk 0.6.0 logs access tokens
Moderate
GHSA-fc4h-xcf3-qj5f
was published
for
matrix-sdk
(Rust)
Oct 25, 2022
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
autogluon.multimodal vulnerable to unsafe YAML deserialization
High
GHSA-6h2x-4gjf-jc5w
was published
for
autogluon.multimodal
(pip)
Sep 21, 2022
jwcrypto token substitution can lead to authentication bypass
Moderate
CVE-2022-3102
was published
for
jwcrypto
(pip)
Sep 21, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Moderate
GHSA-4qw4-jpp4-8gvp
was published
for
commonmarker
(RubyGems)
Sep 21, 2022
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Renovate vulnerable to Azure DevOps token leakage in logs
Moderate
GHSA-36rh-ggpr-j3gj
was published
for
renovate
(npm)
Sep 14, 2020
Object state limitation has no effect
Critical
GHSA-w8qp-hmh5-4v9v
was published
for
ezsystems/ezplatform-kernel
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-gvj8-4cj4-h776
was published
for
ibexa/core
(Composer)
Apr 29, 2022
Denial of service in ASP.NET Core
High
CVE-2018-8269
was published
for
Microsoft.AspNetCore.All
(NuGet)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API