GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
jQuery-Upload-File XSS in fileNameStr
Moderate
CVE-2021-37504
was published
for
jquery-file-upload
(npm)
Feb 26, 2022
CherryPy Malicious cookies allow access to files outside the session directory
High
CVE-2008-0252
was published
for
cherrypy
(pip)
May 1, 2022
Roundup vulnerability related to Cross-site scripting (XSS)
Moderate
CVE-2008-1474
was published
for
roundup
(pip)
May 1, 2022
Roundup xml-rpc server improper check of property permissions
Critical
CVE-2008-1475
was published
for
roundup
(pip)
May 1, 2022
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
High
CVE-2009-0669
was published
for
ZODB3
(pip)
May 2, 2022
Buildbot Cross-site scripting (XSS) vulnerability
Moderate
CVE-2009-2959
was published
for
buildbot
(pip)
May 2, 2022
Buildbot vulnerable to cross-site scripting
Moderate
CVE-2009-2967
was published
for
buildbot
(pip)
May 2, 2022
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High
CVE-2010-0667
was published
for
moin
(pip)
May 2, 2022
jplayer Cross Site Scripting vulnerability
Moderate
CVE-2013-2022
was published
for
jplayer
(npm)
May 17, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
MooTools Regular Expression Denial of Service
High
CVE-2021-32821
was published
for
mootools
(npm)
Jan 3, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate
CVE-2023-3072
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad Search API Leaks Information About CSI Plugins
Moderate
CVE-2023-3300
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
ProTip!
Advisories are also available from the
GraphQL API