GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,128 advisories
SabreDAV Directory Traversal vulnerability
Moderate. CVE-2013-1939 was published for sabre/dav (Composer), May 14, 2022

httplib2 incorrectly checks SSL certificate
Moderate. CVE-2013-2037 was published for httplib2 (pip), May 14, 2022

Apache Struts Code injection due to conversion error
High. CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022

Improper Input Validation in Apache Spark
High. CVE-2018-11804 was published for org.apache.spark:spark-core (Maven), May 14, 2022

i18n Vulnerable to Denial of Service Attack
High. CVE-2014-10077 was published for i18n (RubyGems), May 14, 2022

Improper Input Validation in Apache Karaf
Moderate. CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven), May 14, 2022

Sylabs Singularity Improper Input Validation
High. CVE-2018-19295 was published for github.com/sylabs/singularity (Go), May 14, 2022

Withdrawn Advisory: OnionShare Predictable Pathname
High. CVE-2018-19960 was published for onionshare-cli (pip), May 14, 2022 (withdrawn)

Drupal Core Remote Code Execution Vulnerability
Critical. CVE-2018-7600 was published for drupal/core (Composer), May 14, 2022

Improper Input Validation Apache Commons Email
High. CVE-2018-1294 was published for org.apache.commons:commons-email (Maven), May 14, 2022

Improper Input Validation in .Net Framework API's
Moderate. CVE-2019-0657 was published for Microsoft.NETCore.App (NuGet), May 14, 2022

Improper Input Validation in Jetty
Moderate. CVE-2011-4461 was published for org.eclipse.jetty:jetty-server (Maven), May 14, 2022

phpMyAdmin DoS Vulnerability
High. CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer), May 14, 2022

phpMyAdmin DoS Vulnerability
High. CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer), May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate. CVE-2011-2526 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Improper Input Validation in Apache ActiveMQ
Critical. CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven), May 14, 2022

Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
Moderate. CVE-2012-3544 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Apache Tomcat is vulnerable to HTTP request-smuggling
Moderate. CVE-2013-4286 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate. CVE-2014-0033 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate. CVE-2014-0227 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate. CVE-2014-0096 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Apache Struts forced double OGNL evaluation
High. CVE-2016-4461 was published for org.apache.struts:struts2-core (Maven), May 14, 2022

SimpleSAMLphp InfoCard module Incorrect signature verification
High. CVE-2017-12874 was published for simplesamlphp/simplesamlphp-module-infocard (Composer), May 14, 2022

Improper Input Validation in Jenkins
Low. CVE-2017-1000401 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

Improper Input Validation in Jenkins
High. CVE-2017-1000394 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.