Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

28 advisories

SQL injection in Django High
CVE-2020-9402 was published for django (pip) Jun 5, 2020
sunSUNQ
XSS in the `altField` option of the Datepicker widget in jquery-ui Moderate
CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
XSS in `*Text` options of the Datepicker widget in jquery-ui Moderate
CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
Deeply nested json in jackson-databind High
CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 12, 2022
farbeiza-enverus stickycode
mr-c victornoel guima Zeouterlimits joschi JoshDM sunSUNQ
Nokogiri affected by zlib's Out-of-bounds Write vulnerability High
CVE-2018-25032 was published for nokogiri (RubyGems) Mar 26, 2022
Path traversal in Hadoop Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
SunBK201
Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30973 was published for org.apache.tika:tika-core (Maven) Jun 1, 2022
jkmartindale
Apache Tika contains incomplete fix for regex DoS Low
CVE-2022-33879 was published for org.apache.tika:tika (Maven) Jun 28, 2022
golang.org/x/net/http2 Denial of Service vulnerability High
CVE-2022-27664 was published for golang.org/x/net (Go) Sep 7, 2022
westonsteimel
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Arbitrary code execution in Apache Commons Text Critical
CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) Oct 13, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
HAProxyMessageDecoder Stack Exhaustion DoS Moderate
CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022
Netty vulnerable to HTTP Response splitting from assigning header value iterator Moderate
CVE-2022-41915 was published for io.netty:netty-codec-http (Maven) Dec 12, 2022
rafalambrozewicz anderruiz
JSZip contains Path Traversal via loadAsync High
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Kubernetes vulnerable to path traversal Moderate
CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
ProTip! Advisories are also available from the GraphQL API