GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count by ecosystem)
  All reviewed: 5,000+
  Composer: 4,051
  Erlang: 29
  GitHub Actions: 19
  Go: 1,878
  Maven: 5,000+
  npm: 3,602
  NuGet: 638
  pip: 3,203
  Pub: 10
  RubyGems: 852
  Rust: 814
  Swift: 35
Unreviewed advisories
  All unreviewed: 5,000+
19,932 advisories listed
[High] CVE-2017-2646: Keycloak vulnerable to infinite loop based Denial of Service. Published for org.keycloak:keycloak-core (Maven) on Oct 18, 2018.
[High] CVE-2014-3651: Keycloak vulnerable to uncontrolled resource consumption. Published for org.keycloak:keycloak-core (Maven) on Oct 18, 2018.
[Critical] CVE-2016-4800: Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request. Published for org.eclipse.jetty:jetty-server (Maven) on Oct 19, 2018.
[High] CVE-2016-7051: jackson-dataformat-xml vulnerable to server side request forgery (SSRF). Published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) on Oct 18, 2018.
[High] CVE-2015-2912: OrientDB-Server vulnerable to Cross-Site Request Forgery. Published for com.orientechnologies:orientdb-studio (Maven) on Oct 18, 2018.
[High] CVE-2022-2668: Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console. Published for org.keycloak:keycloak-parent (Maven) on Sep 23, 2022.
[High] GHSA-28q9-9c3g-v3f9: lakeFS vulnerable to authenticated users deleting files they are not authorized to delete. Published for github.com/treeverse/lakefs (Go) on Sep 23, 2022.
[Critical] CVE-2016-3720: jackson-dataformat-xml vulnerable to XML external entity (XXE). Published for com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) on Oct 18, 2018.
[High] CVE-2019-1020012: Parse Server before v3.4.1 vulnerable to Denial of Service. Published for parse-server (npm) on Jun 13, 2019.
[High] GHSA-gmhj-xjfh-cf6m: Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library. Published for github.com/mohammed90/caddy-ssh (Go) on Sep 23, 2022.
[Moderate] GHSA-39hc-v87j-747x: Vulnerable OpenSSL included in cryptography wheels. Published for cryptography (pip) on Nov 2, 2022.
[Moderate] GHSA-8r69-3cvp-wxc3: Batched HTTP requests may set incorrect `cache-control` response header. Published for @apollo/server (npm) on Nov 2, 2022.
[Critical] GHSA-7fw6-6mfj-g3q2: ckb: Transaction header_deps validation issue (network forking). Published for ckb (Rust) on Nov 2, 2022.
[Moderate] GHSA-9mfc-chwf-7whf: ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low. Published for ckb (Rust) on Nov 2, 2022.
[High] GHSA-mcmr-49x3-4jqm: ckb type_id script resume may randomly fail. Published for ckb (Rust) on Nov 2, 2022.
[Low] GHSA-ggrh-grj3-vfvw: Package discontinued because Bitly lowered the free quota. Published for bitlyshortener (pip) on Nov 28, 2022.
[High] GHSA-c8f7-x2g7-7fxj: Phoenix-ws source code and data in extensions folder is publicly available. Published for phoenix-ws (pip) on Jun 2, 2022.
[Critical] GHSA-3jch-9qgp-4844: Generated code can read and write out of bounds in safe code. Published for flatbuffers (Rust) on Jun 16, 2022.
[Low] GHSA-jjmg-x456-w976: Incorrect default cookie name and recommendation. Published for csrf-csrf (npm) on Oct 10, 2022.
[High] GHSA-52rh-5rpj-c3w6: Improper handling of multiline messages in node-irc. Published for matrix-org-irc (npm) on May 5, 2022.
[Moderate] GHSA-6qqf-vvcr-7qrv: Cryptographically Weak PRNG in generate-password. Published for generate-password (npm) on May 23, 2019.
[Moderate] CVE-2018-19048: Cross-Site Scripting in simditor. Published for simditor (npm) on May 14, 2019.
[High] GHSA-c8m9-mh38-97p9 (withdrawn): XML external entity (XXE) vulnerability. Published for org.jpmml:pmml-model (Maven) on Feb 24, 2021.
[High] GHSA-p72p-rjr2-r439: Server-Side Request Forgery in terriajs-server. Published for terriajs-server (npm) on May 29, 2019.
ProTip! Advisories are also available from the GraphQL API.