GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
Incomplete List of Disallowed Inputs in Jenkins
Moderate
CVE-2017-2602
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of...
High
Unreviewed
CVE-2020-14372
was published
May 24, 2022
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute...
High
Unreviewed
CVE-2015-5946
was published
May 17, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
High
Unreviewed
CVE-2021-1133
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1135
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1255
was published
May 24, 2022
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and...
High
Unreviewed
CVE-2018-6383
was published
May 13, 2022
Incomplete List of Disallowed Inputs in Kubernetes
Moderate
CVE-2021-25737
was published
for
k8s.io/kubernetes
(Go)
Sep 7, 2021
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users...
Moderate
Unreviewed
CVE-2016-6189
was published
May 13, 2022
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly...
High
Unreviewed
CVE-2018-16863
was published
May 13, 2022
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Safemode Gem Has Incomplete List of Disallowed Inputs
Critical
CVE-2017-7540
was published
for
safemode
(RubyGems)
Oct 24, 2017
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Critical
CVE-2021-21697
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Denial of Service in http-proxy
High
GHSA-6x33-pw7p-hmpq
was published
for
http-proxy
(npm)
Sep 4, 2020
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
FasterXML jackson-databind allows unauthenticated remote code execution
Critical
CVE-2018-7489
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Critical
CVE-2017-15095
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
Incomplete List of Disallowed Inputs in SOFA-Hessian
Critical
CVE-2019-9212
was published
for
com.alipay.sofa:hessian
(Maven)
Mar 6, 2019
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
CVE-2024-28246
was published
for
katex
(npm)
Mar 25, 2024
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2024-20278
was published
Mar 27, 2024
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23844
was published
Jul 26, 2023
ProTip!
Advisories are also available from the
GraphQL API