GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,615 advisories
Filter by severity
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Moderate
GHSA-hrjv-pf36-jpmr
was published
for
oqs
(Rust)
Aug 18, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
Renovate vulnerable to Azure DevOps token leakage in logs
Moderate
GHSA-36rh-ggpr-j3gj
was published
for
renovate
(npm)
Sep 14, 2020
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Moderate
GHSA-4qw4-jpp4-8gvp
was published
for
commonmarker
(RubyGems)
Sep 21, 2022
jwcrypto token substitution can lead to authentication bypass
Moderate
CVE-2022-3102
was published
for
jwcrypto
(pip)
Sep 21, 2022
matrix-sdk 0.6.0 logs access tokens
Moderate
GHSA-fc4h-xcf3-qj5f
was published
for
matrix-sdk
(Rust)
Oct 25, 2022
Reflected XSS on clients-registrations endpoint
Moderate
GHSA-m98g-63qj-fp8j
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 28, 2022
owning_ref vulnerable to multiple soundness issues
Moderate
GHSA-9qxh-258v-666c
was published
for
owning_ref
(Rust)
Aug 10, 2022
Ghost vulnerable to remote code execution in locale setting change
Moderate
GHSA-7v28-g2pq-ggg8
was published
for
ghost
(npm)
Jun 17, 2022
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Workers for local Dask clusters mistakenly listened on public interfaces
Moderate
GHSA-hwqr-f3v9-hwxr
was published
for
distributed
(pip)
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API