Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
Potential access control security issue in apollo-adminservice High
CVE-2020-15170 was published for com.ctrip.framework.apollo:apollo-core (Maven) Oct 2, 2020
Unpreventable top-level navigation High
CVE-2020-15174 was published for electron (npm) Oct 6, 2020
masatokinugawa
Credited to masatokinugawa
Man-in-the-middle attack in Apache Axis Moderate
CVE-2012-5784 was published for axis:axis (Maven) Oct 7, 2020
Prototype pollution in object-path High
CVE-2020-15256 was published for object-path (npm) Oct 19, 2020
alromh87 JamieSlome
Asjidkalam huntr-helper
Credited to alromh87, JamieSlome, Asjidkalam, and huntr-helper
Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
dkasak
Credited to dkasak
Memory leak in Nanopb Moderate
CVE-2020-26243 was published for nanopb (pip) Nov 25, 2020
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment erik-krogh
kurt-r2c
Credited to RunDevelopment, erik-krogh, and kurt-r2c
CHECK-fail in LSTM with zero-length input in TensorFlow Moderate
CVE-2020-26270 was published for tensorflow (pip) Dec 10, 2020
Denial of Service in i18n High
CVE-2020-7791 was published for i18n (NuGet) Dec 14, 2020
Hostname spoofing via backslashes in URL Moderate
CVE-2020-26291 was published for urijs (npm) Dec 30, 2020
alesandroortiz
Credited to alesandroortiz
URIjs Hostname spoofing via backslashes in URL High
CVE-2021-27516 was published for urijs (npm) Mar 1, 2021
Yaniv-git
Credited to Yaniv-git
Prefix escape Critical
CVE-2021-21321 was published for fastify-reply-from (npm) Mar 3, 2021
Prefix escape Low
CVE-2021-21322 was published for fastify-http-proxy (npm) Mar 3, 2021
Improper Input Validation (RCE) High
CVE-2021-26814 was published for wazuh (npm) Mar 18, 2021
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27923 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Denial of Service by Uncontrolled Resource Consumption High
CVE-2021-27921 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Pillow Uncontrolled Resource Consumption High
CVE-2021-27922 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Credited to sunSUNQ
Regular Expression Denial-of-Service in npm schema-inspector High
CVE-2021-21267 was published for schema-inspector (npm) Mar 19, 2021
erik-krogh
Credited to erik-krogh
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Credited to sushiwushi and waldhacker1
Improper Input Validation in PyYAML Critical
CVE-2020-14343 was published for PyYAML (pip) Mar 25, 2021
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
netmask npm package mishandles octal input data Moderate
CVE-2021-29418 was published for netmask (npm) Mar 29, 2021
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database