GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+
305,616 advisories
Filter by severity
GitPython blind local file inclusion
Moderate
CVE-2023-41040
was published
for
GitPython
(pip)
Aug 30, 2023
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Critical
CVE-2023-40267
was published
for
GitPython
(pip)
Aug 11, 2023
PostCSS line return parsing error
Moderate
CVE-2023-44270
was published
for
postcss
(npm)
Sep 30, 2023
Guava vulnerable to insecure use of temporary directory
Moderate
CVE-2023-2976
was published
for
com.google.guava:guava
(Maven)
Jun 14, 2023
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-30608
was published
for
sqlparse
(pip)
Apr 21, 2023
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Moderate
CVE-2023-23931
was published
for
cryptography
(pip)
Feb 7, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
smarty Cross-site Scripting vulnerability in Javascript escaping
High
CVE-2023-28447
was published
for
smarty/smarty
(Composer)
Mar 29, 2023
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23520
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Vercel ms Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2017-20162
was published
for
ms
(npm)
Jan 5, 2023
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23519
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Moderate
CVE-2022-23518
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer
High
CVE-2022-23517
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah
Moderate
CVE-2022-23515
was published
for
loofah
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah
High
CVE-2022-23514
was published
for
loofah
(RubyGems)
Dec 13, 2022
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
Moment.js vulnerable to Inefficient Regular Expression Complexity
High
CVE-2022-31129
was published
for
Moment.js
(npm)
Jul 6, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Moderate
CVE-2018-25047
was published
for
smarty/smarty
(Composer)
Sep 16, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
ProTip!
Advisories are also available from the
GraphQL API