GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem (counts as shown on the page):
- All reviewed: 5,000+
- Composer: 4,000
- Erlang: 29
- GitHub Actions: 16
- Go: 1,787
- Maven: 5,000+
- npm: 3,547
- NuGet: 622
- pip: 3,143
- Pub: 10
- RubyGems: 839
- Rust: 796
- Swift: 34

Unreviewed advisories (all unreviewed): 5,000+

19,613 advisories in the current listing.
Each entry below gives the advisory title, its severity, the CVE or GHSA identifier, the affected package with its ecosystem, and the date the advisory was published in the database (which is often years after the CVE itself was assigned).

- django-markupfield Arbitrary File Read [Moderate] CVE-2015-0846, django-markupfield (pip), published May 17, 2022
- Django Cross-site Scripting Vulnerability [Moderate] CVE-2015-2241, django (pip), published May 17, 2022
- Cross-site Scripting in OpenCart [Moderate] CVE-2020-10596, opencart/opencart (Composer), published May 6, 2021
- SecureJoin: on Windows, paths outside of the rootfs could be inadvertently produced [Moderate] GHSA-6xv5-86q9-7xr8, github.com/cyphar/filepath-securejoin (Go), published Sep 7, 2023
- Apache CXF vulnerable to Exposure of Sensitive Information [High] CVE-2022-46363, org.apache.cxf:cxf-core (Maven), published Dec 13, 2022
- Temporary File Information Disclosure vulnerability in MPXJ [Low] CVE-2022-41954, mpxj (Maven), published Nov 28, 2022
- Magento 2 Community Edition Incorrect Authorization [Moderate] CVE-2020-24401, magento/community-edition (Composer), published May 24, 2022
- Magento 2 Community Edition XSS Vulnerability [Moderate] CVE-2020-24408, magento/community-edition (Composer), published May 24, 2022
- October CMS Session ID not invalidated after logout [Critical] CVE-2021-3311, october/rain (Composer), published Feb 10, 2021
- Magento 2 Community Edition RCE via Unsafe File Upload [Critical] CVE-2020-24407, magento/community-edition (Composer), published May 24, 2022
- OpenCart SQL injection vulnerability [Moderate] CVE-2021-37823, opencart/opencart (Composer), published Nov 3, 2022
- marionette-socket-host downloads Resources over HTTP [High] CVE-2016-10648, marionette-socket-host (npm), published Aug 15, 2018
- Prototype Pollution in merge-deep [High] CVE-2018-3722, merge-deep (npm), published Jul 26, 2018
- Directory Traversal in commentapp.stetsonwood [High] CVE-2017-16143, commentapp.stetsonwood (npm), published Jul 23, 2018
- chromedriver126 downloads Resources over HTTP [High] CVE-2016-10609, chromedriver126 (npm), published Feb 18, 2019
- Django denial of service via file upload naming [Moderate] CVE-2014-0481, django (pip), published May 14, 2022
- Prototype Pollution in just-extend [Critical] CVE-2018-16489, just-extend (npm), published Feb 7, 2019
Advisories are also available from the GraphQL API.
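The listing above is only useful once it is matched against the versions you actually ship. The following Python example is added here and is not code from GitHub or from any project listed above. It builds a query against the `securityVulnerabilities` field of GitHub's GraphQL API (the field, its `ecosystem`/`package` arguments and the `advisory`, `vulnerableVersionRange` and `firstPatchedVersion` selections are the real schema) and then decides whether a pinned version falls inside each returned range. The response it evaluates offline is constructed sample data: the `GHSA-sample-*` identifiers, summaries and ranges are placeholders, not real advisories. The version comparison is a deliberate simplification that handles dotted integer versions only; PEP 440 pre-releases, epochs and ecosystem-specific schemes are out of scope for this example. The live `fetch_vulnerabilities` call needs a GitHub token and is not exercised offline.

```python
"""Check a pinned package version against GitHub's securityVulnerabilities GraphQL field."""
import json
import urllib.request

GITHUB_GRAPHQL = "https://api.github.com/graphql"

# Query against the real schema. `ecosystem` is a SecurityAdvisoryEcosystem enum
# (PIP, NPM, COMPOSER, GO, MAVEN, ...); `package` is the registry package name.
QUERY = """
query($ecosystem: SecurityAdvisoryEcosystem!, $package: String!) {
  securityVulnerabilities(ecosystem: $ecosystem, package: $package, first: 100) {
    nodes {
      advisory { ghsaId summary severity publishedAt identifiers { type value } }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}
"""


def fetch_vulnerabilities(token, ecosystem, package):
    """Live lookup; requires a GitHub token with no special scopes. Not run offline."""
    body = json.dumps({"query": QUERY,
                       "variables": {"ecosystem": ecosystem, "package": package}}).encode()
    req = urllib.request.Request(
        GITHUB_GRAPHQL, data=body,
        headers={"Authorization": f"bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def parse_version(v):
    """Simplified comparison key: '1.5.9' -> (1, 5, 9).
    Assumption: dotted integers only; pre-releases and epochs are not handled."""
    return tuple(int(p) for p in v.strip().split("."))


# Operators that appear in vulnerableVersionRange clauses.
OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def in_range(version, vuln_range):
    """vulnerableVersionRange is a comma-separated conjunction, e.g. '>= 1.5, < 1.5.9'.
    Every clause must hold for the version to be inside the range."""
    v = parse_version(version)
    for clause in vuln_range.split(","):
        op, _, bound = clause.strip().partition(" ")
        if not OPS[op](v, parse_version(bound)):
            return False
    return True


def affected_advisories(response, version):
    """Return (ghsaId, severity, first patched version or None) for every
    vulnerability node whose range contains `version`."""
    hits = []
    for node in response["data"]["securityVulnerabilities"]["nodes"]:
        if in_range(version, node["vulnerableVersionRange"]):
            fixed = node["firstPatchedVersion"]
            hits.append((node["advisory"]["ghsaId"],
                         node["advisory"]["severity"],
                         fixed["identifier"] if fixed else None))
    return hits


# Constructed sample response shaped like the API's output. The identifiers,
# summaries and ranges are placeholders, not real advisories.
SAMPLE_RESPONSE = {"data": {"securityVulnerabilities": {"nodes": [
    {"advisory": {"ghsaId": "GHSA-sample-0001", "summary": "constructed sample: XSS",
                  "severity": "MODERATE", "publishedAt": "2022-05-17T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0001"}]},
     "vulnerableVersionRange": ">= 1.5, < 1.5.9",
     "firstPatchedVersion": {"identifier": "1.5.9"}},
    {"advisory": {"ghsaId": "GHSA-sample-0002", "summary": "constructed sample: DoS",
                  "severity": "HIGH", "publishedAt": "2022-05-14T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0002"}]},
     "vulnerableVersionRange": "< 1.4.14",
     "firstPatchedVersion": {"identifier": "1.4.14"}},
    {"advisory": {"ghsaId": "GHSA-sample-0003", "summary": "constructed sample: unfixed",
                  "severity": "LOW", "publishedAt": "2023-01-01T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0003"}]},
     "vulnerableVersionRange": "= 1.6.0",
     "firstPatchedVersion": None},
]}}}

if __name__ == "__main__":
    for pinned in ("1.4.2", "1.5.3", "1.5.9", "1.6.0"):
        print(pinned, affected_advisories(SAMPLE_RESPONSE, pinned))
```

A `firstPatchedVersion` of `None` is the case to watch for: the advisory is published but no fixed release exists, so the only remediations are removing the dependency or mitigating around it. Note also that a single package usually yields several nodes, one per vulnerable range, so a check must evaluate every node rather than stopping at the first match.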