GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,984
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11071
was published
for
slpjs
(npm)
May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11072
was published
for
slp-validate
(npm)
May 12, 2020
False-positive validity for NFT1 genesis transactions in SLPJS
Critical
CVE-2020-15130
was published
for
slpjs
(npm)
Jul 30, 2020
False-positive validity for NFT1 genesis transactions
Critical
CVE-2020-15131
was published
for
slp-validate
(npm)
Jul 30, 2020
Regular Expression Denial of Service in Leo Editor
High
CVE-2020-23478
was published
for
leo
(pip)
Sep 23, 2021
In search engine service, there is a possible way to change the default search engine due to an...
Moderate
Unreviewed
CVE-2022-20072
was published
Apr 12, 2022
chatwoot is vulnerable to Inefficient Regular Expression Complexity
High
Unreviewed
CVE-2021-3649
was published
May 24, 2022
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a...
Critical
Unreviewed
CVE-2021-27786
was published
Jun 10, 2022
Regular expression denial of service in react-native
High
CVE-2020-1920
was published
for
react-native
(npm)
Jul 20, 2021
Timing attack on HMAC signature comparison in Apache Tapestry
Critical
CVE-2019-10071
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Sep 26, 2019
An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent...
Moderate
Unreviewed
CVE-2022-22203
was published
Jul 21, 2022
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream...
Moderate
Unreviewed
CVE-2022-35091
was published
Sep 25, 2022
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack
Moderate
CVE-2022-38179
was published
for
io.ktor:ktor
(Maven)
Aug 13, 2022
Regular expression denial of service in eth-account
Moderate
CVE-2022-1930
was published
for
eth-account
(pip)
Aug 23, 2022
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic....
Critical
Unreviewed
CVE-2014-125057
was published
Jan 7, 2023
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2020-8864
was published
May 24, 2022
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores...
Moderate
Unreviewed
CVE-2019-20634
was published
May 24, 2022
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC...
High
Unreviewed
CVE-2020-13559
was published
May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where...
Critical
Unreviewed
CVE-2020-23360
was published
May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for...
Critical
Unreviewed
CVE-2020-23361
was published
May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because...
Critical
Unreviewed
CVE-2020-23359
was published
May 24, 2022
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c...
Moderate
Unreviewed
CVE-2021-20219
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2021-34865
was published
Jan 26, 2022
ProTip!
Advisories are also available from the
GraphQL API