GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13 advisories
Untrusted Query Object Evaluation in RPC API
High • GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) • Sep 11, 2024

Winter CMS Server-Side Template Injection (SSTI) vulnerability
High • CVE-2024-29686 was published for wintercms/winter (Composer) • Mar 29, 2024

Black vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate • CVE-2024-21503 was published for black (pip) • Mar 19, 2024

Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Moderate • CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven) • Dec 18, 2023

Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Moderate • GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) • Dec 15, 2023 • withdrawn

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Critical • CVE-2023-40743 was published for axis:axis (Maven) • Sep 5, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
High • CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) • Apr 5, 2023

rdiffweb vulnerable to Special Element Injection
Moderate • CVE-2022-4721 was published for rdiffweb (pip) • Dec 27, 2022

OctoPrint vulnerable to Special Element Injection
Moderate • CVE-2022-3607 was published for OctoPrint (pip) • Oct 19, 2022

Cachet configuration leak
High • CVE-2021-39174 was published for cachethq/cachet (Composer) • Aug 30, 2021

Special Element Injection in notebook
High • CVE-2021-32798 was published for notebook (pip) • Aug 23, 2021

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
High • CVE-2021-32797 was published for jupyterlab (pip) • Aug 23, 2021
ProTip! Advisories are also available from the GraphQL API.