GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,714 advisories
Filter by severity
Reflected XSS on clients-registrations endpoint
Moderate
GHSA-m98g-63qj-fp8j
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 28, 2022
Keycloak is vulnerable to IDN homograph attack
Low
GHSA-mwm4-5qwr-g9pf
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd
High
GHSA-j92c-mmf7-j5x5
was published
for
github.com/cheqd/cheqd-node
(Go)
Oct 18, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
High
GHSA-3qmc-2r76-4rqp
was published
for
@redwoodjs/api
(npm)
Nov 10, 2022
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Moderate
GHSA-vx2x-9cff-fhjw
was published
for
DSInternals.Common
(NuGet)
Dec 6, 2022
Improper handling of multiline messages in node-irc
High
GHSA-52rh-5rpj-c3w6
was published
for
matrix-org-irc
(npm)
May 5, 2022
XML external entity (XXE) vulnerability
High
GHSA-c8m9-mh38-97p9
was published
for
org.jpmml:pmml-model
(Maven)
Feb 24, 2021
•
withdrawn
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
NoSQL Injection in loopback-connector-mongodb
High
GHSA-m734-r4g6-34f9
was published
for
loopback-connector-mongodb
(npm)
Jun 4, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h
was published
for
angular
(npm)
Jun 27, 2019
Backdoor / Malicious code
Critical
GHSA-q2hm-gx3f-h63q
was published
for
lita-coin
(RubyGems)
Feb 23, 2021
•
withdrawn
Segmentation faultin TensorFlow when converting a Python string to `tf.float16`
High
CVE-2020-5215
was published
for
tensorflow
(pip)
Jan 28, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
Unrestricted upload of file with dangerous type in Apache Solr
Critical
CVE-2019-12409
was published
for
org.apache.solr:solr-core
(Maven)
Jan 28, 2020
ProTip!
Advisories are also available from the
GraphQL API