
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,128 advisories

CodeIgniter HTTP Header Injection (High)
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022

RubyGems Improper Input Validation vulnerability (Moderate)
CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022
Credited to jasnow

JBoss RichFaces Improper Input Validation vulnerability (Moderate)
CVE-2014-0086 was published for org.richfaces:richfaces (Maven) May 17, 2022

Improper Input Validation in IpMatcher (Critical)
CVE-2021-33318 was published for IpMatcher (NuGet) May 17, 2022

Typo3 Host Header Spoofing Vulnerability (Moderate)
CVE-2014-3941 was published for typo3/cms (Composer) May 14, 2022

Jenkins has CRLF Injection Vulnerability in the CLI (Moderate)
CVE-2016-0789 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

Jenkins allows Deserialization of Untrusted Data via an XML File (High)
CVE-2016-0792 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022

Improper Input Validation in Apache Tomcat (Moderate)
CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

Arbitrary file write in Apache Commons Fileupload (High)
CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022
Credited to MarkLee131

Cobbler vulnerable to arbitrary code execution (Critical)
CVE-2017-1000469 was published for cobbler (pip) May 14, 2022

Django Vulnerable to Cache Poisoning (High)
CVE-2011-4139 was published for Django (pip) May 14, 2022

Django Might Allow CSRF Requests via URL Verification (High)
CVE-2011-4138 was published for Django (pip) May 14, 2022

Arbitrary file write in NumPy (High)
CVE-2014-1858 was published for numpy (pip) May 14, 2022
Credited to jhutchings1

MitM on Jenkins Maven Plugin (Moderate)
CVE-2017-1000397 was published for org.jenkins-ci.main:maven-plugin (Maven) May 14, 2022
Credited to q5438722

Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks (Moderate)
CVE-2017-1000402 was published for org.jenkins-ci.plugins:swarm-client (Maven) May 14, 2022

Apache NiFi XSS issue in context path handling (Critical)
CVE-2017-15697 was published for org.apache.nifi:nifi (Maven) May 14, 2022

Apache NiFi host header poisoning issue (High)
CVE-2017-12632 was published for org.apache.nifi:nifi (Maven) May 14, 2022

Matrix Synapse DoS (High)
CVE-2018-10657 was published for matrix-synapse (pip) May 14, 2022

Moodle Portfolio script allows instantiation of class chosen by user (High)
CVE-2018-1137 was published for moodle/moodle (Composer) May 14, 2022

Improper Input Validation in Apache Struts (High)
CVE-2015-0899 was published for org.apache.struts:struts-core (Maven) May 14, 2022
Credited to ryanmurf

Special top object can be used to access Struts' internals (High)
CVE-2015-5209 was published for org.apache.struts:struts2-core (Maven) May 14, 2022

Apache Struts vulnerable to possible DoS attack when using URLValidator (Moderate)
CVE-2016-8738 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Credited to sunSUNQ

Apache Struts RCE Vulnerability (High)
CVE-2016-3090 was published for org.apache.struts:struts2-parent (Maven) May 14, 2022

Improper Input Validation in Deap (Critical)
CVE-2018-3749 was published for deap (npm) May 14, 2022

Auth0 angular-jwt misinterprets allowlist as regex (Moderate)
CVE-2018-11537 was published for angular-jwt (npm) May 14, 2022