GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,128 advisories

Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2014-8152 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
Credited to MarkLee131
Improper Input Validation in JGroups Critical
CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022
Credited to sharonbz
Remote code execution in PATCH requests in Spring Data REST Critical
CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022
Improper Input Validation in Jenkins High
CVE-2018-1999002 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Input Validation in Jenkins High
CVE-2018-1999001 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Input Validation in k8s.io/ingress-nginx High
CVE-2021-25745 was published for k8s.io/ingress-nginx (Go) May 7, 2022
Tenant and Verifier might not use the same registrar data Critical
CVE-2022-1053 was published for keylime (pip) May 5, 2022
Credited to THS-on
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload Moderate
CVE-2013-0331 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Bundler may install gems from a different source than expected Moderate
CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022
Credited to jasnow
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
pyrad uses sequential packet IDs Moderate
CVE-2013-0342 was published for pyrad (pip) May 5, 2022
ReviewBoard and Djblets library are vulnerable to code execution Critical
CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass High
CVE-2013-4751 was published for symfony/symfony (Composer) May 5, 2022
Apache Struts Remote Java Code Execution Critical
CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
Credited to sunSUNQ
Denial of service vulnerability exists in libxmljs High
CVE-2022-21144 was published for libxmljs (npm) May 3, 2022
Improper input validation in Mort Bay Jetty High
CVE-2009-4611 was published for org.mortbay.jetty:jetty (Maven) May 2, 2022
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection High
CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022
Apache Tomcat Denial of Service via Malformed Request Headers Moderate
CVE-2009-0033 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
Trac Open Redirect vulnerability Moderate
CVE-2008-2951 was published for trac (pip) May 1, 2022
Improper Input Validation in pyftpdlib High
CVE-2007-6739 was published for pyftpdlib (pip) May 1, 2022
OpenSymphony XWork vulnerable to improper input validation Moderate
CVE-2007-4556 was published for opensymphony:xwork (Maven) May 1, 2022
Moodle does not properly validate module instance id Moderate
CVE-2006-4936 was published for moodle/moodle (Composer) May 1, 2022
Improper Input Validation in Mortbay Jetty Moderate
CVE-2006-2759 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Apache Struts vulnerable to Improper Input Validation High
CVE-2006-1546 was published for struts:struts (Maven) May 1, 2022
ProTip! Advisories are also available from the GraphQL API