Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Cross site scripting in comrak Moderate
CVE-2021-27671 was published for comrak (Rust) Aug 25, 2021
tdunlap607
Cross-site Scripting in github.com/schollz/rwtxt Moderate
CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) Nov 29, 2021
tdunlap607
Excessive memory allocation Moderate
CVE-2018-12541 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
tdunlap607
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607
Cross-site Scripting in comrak Moderate
CVE-2021-38186 was published for comrak (Rust) Aug 25, 2021
tdunlap607
Velociraptor subject to Path Traversal Moderate
CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) Jan 19, 2023
tdunlap607
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) Dec 5, 2022
tdunlap607
Status Board vulnerable to Cross-Site Scripting before v1.1.82 Moderate
CVE-2019-15479 was published for status-board (npm) Sep 23, 2019
tdunlap607
User login denial of service in github.com/google/fscrypt Moderate
CVE-2022-25327 was published for github.com/google/fscrypt (Go) Feb 26, 2022
tdunlap607
Concrete CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43688 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
qiita-markdown Cross-site Scripting vulnerability Moderate
CVE-2021-28833 was published for qiita-markdown (RubyGems) Aug 2, 2021
tdunlap607
Cross-site Scripting in Apereo CAS Moderate
CVE-2021-42567 was published for org.apereo.cas:cas-server-core-web (Maven) Dec 10, 2021
tdunlap607
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
tdunlap607
php-mod/curl allows Cross-site Scripting Moderate
CVE-2021-30134 was published for php-mod/curl (Composer) Dec 26, 2022
tdunlap607
Cross-Site Scripting in webtorrent Moderate
CVE-2019-15782 was published for webtorrent (npm) Sep 4, 2019
tdunlap607
Cross-Site Scripting in c3 Moderate
CVE-2016-1000240 was published for c3 (npm) Sep 1, 2020
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX Moderate
CVE-2022-0672 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
tdunlap607
XSS vulnerability in Jenkins Gatling Plugin Moderate
CVE-2020-2173 was published for org.jenkins-ci.plugins:gatling (Maven) May 24, 2022
NotMyFault tdunlap607
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
DOM XSS in Theme Preview Moderate
CVE-2021-29484 was published for ghost (npm) Apr 29, 2021
tdunlap607
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Cross-Site Scripting in webpack-bundle-analyzer Moderate
GHSA-pgr8-jg6h-8gw6 was published for webpack-bundle-analyzer (npm) May 23, 2019
tdunlap607
Space bug in `clean_text` Moderate
GHSA-p2g9-94wh-65c2 was published for ammonia (Rust) Jun 16, 2022
tdunlap607
Deserialization of Untrusted Data in ParlAI Moderate
CVE-2021-24040 was published for parlai (pip) Sep 13, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database