GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,613 advisories

django-markupfield Arbitrary File Read Moderate
CVE-2015-0846 was published for django-markupfield (pip) May 17, 2022
Django Cross-site Scripting Vulnerability Moderate
CVE-2015-2241 was published for django (pip) May 17, 2022
Cross-site Scripting in OpenCart Moderate
CVE-2020-10596 was published for opencart/opencart (Composer) May 6, 2021
SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced Moderate
GHSA-6xv5-86q9-7xr8 was published for github.com/cyphar/filepath-securejoin (Go) Sep 7, 2023
pjbgf
Apache CXF vulnerable to Exposure of Sensitive Information High
CVE-2022-46363 was published for org.apache.cxf:cxf-core (Maven) Dec 13, 2022
pavelarnost
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition XSS Vulnerability Moderate
CVE-2020-24408 was published for magento/community-edition (Composer) May 24, 2022
October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
OpenCart SQL injection vulnerability Moderate
CVE-2021-37823 was published for opencart/opencart (Composer) Nov 3, 2022
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
marionette-socket-host downloads Resources over HTTP High
CVE-2016-10648 was published for marionette-socket-host (npm) Aug 15, 2018
Prototype Pollution in merge-deep High
CVE-2018-3722 was published for merge-deep (npm) Jul 26, 2018
node-fabric is malware High
CVE-2017-16052 was published for node-fabric (npm) Jul 23, 2018
Prototype Pollution in mpath High
CVE-2018-16490 was published for mpath (npm) Feb 7, 2019
Valine HTML Injection Moderate
CVE-2018-19289 was published for valine (npm) Nov 21, 2018
coffe-script is malware High
CVE-2017-16203 was published for coffe-script (npm) Aug 6, 2018
Directory Traversal in commentapp.stetsonwood High
CVE-2017-16143 was published for commentapp.stetsonwood (npm) Jul 23, 2018
chromedriver126 downloads Resources over HTTP High
CVE-2016-10609 was published for chromedriver126 (npm) Feb 18, 2019
fabric-js is malware High
CVE-2017-16053 was published for fabric-js (npm) Jul 23, 2018
Cross-Site Scripting in forms Moderate
CVE-2017-16015 was published for forms (npm) Nov 9, 2018
Django denial of service via file upload naming Moderate
CVE-2014-0481 was published for django (pip) May 14, 2022
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
opencv.js is malware High
CVE-2017-16066 was published for opencv.js (npm) Aug 29, 2018