Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,866
Maven
5,000+
npm
3,588
NuGet
636
pip
3,178
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Keycloak's improper input validation allows using email as username Low
GHSA-4vc8-pg5c-vg4x was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Contract balance not updating correctly after interchain transaction High
CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vvaradinov EvmosDAO
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud) Moderate
GHSA-6xch-2vxx-5pvr was published for ezsystems/ezplatform (Composer) May 15, 2024
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 Moderate
CVE-2023-49798 was published for @openzeppelin/contracts (npm) Dec 12, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha Moderate
CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()` Moderate
CVE-2023-41338 was published for github.com/gofiber/fiber (Go) Sep 8, 2023
schicho gaby
efectn jozsefsallai ReneWerner87
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled High
CVE-2023-23623 was published for electron (npm) Sep 6, 2023
andreasdj
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer High
CVE-2023-41058 was published for parse-server (npm) Sep 4, 2023
Moumouls mtrezza
incorrect order of evaluation of side effects for some builtins Moderate
CVE-2023-41052 was published for vyper (pip) Sep 4, 2023
trocher
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log Moderate
CVE-2023-39152 was published for org.jenkins-ci.plugins:gradle (Maven) Jul 26, 2023
Vyper's nonpayable default functions are sometimes payable Low
CVE-2023-32675 was published for vyper (pip) May 22, 2023
trocher
Incorrect success value returned in vyper High
CVE-2023-30629 was published for vyper (pip) Apr 24, 2023
algys pavelvm5
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs Moderate
CVE-2022-41884 was published for tensorflow (pip) Nov 21, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm) Moderate
CVE-2022-39354 was published for evm (Rust) Oct 25, 2022
Solana Pay Vulnerable to Weakness in Transfer Validation Logic Moderate
CVE-2022-35917 was published for @solana/pay (npm) Aug 6, 2022
cmowenby
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
JustAnotherArchivist the-bumble
Multiple evaluation of contract address in call in vyper High
CVE-2022-29255 was published for vyper (pip) Jun 6, 2022
bson-objectid contains Improper input validation High
CVE-2019-19729 was published for bson-objectid (npm) May 24, 2022
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
Ansible unsafe evaluation of some strings High
CVE-2014-2686 was published for ansible (pip) May 17, 2022
Drainage of FeeCollector's Block Transaction Fees in cronos High
CVE-2021-43839 was published for github.com/crypto-org-chain/cronos (Go) Jan 6, 2022
zb3
Specification non-compliance in JUMPI High
CVE-2021-41153 was published for evm (Rust) Oct 19, 2021
Missing Handler in @scandipwa/magento-scripts Moderate
CVE-2021-32684 was published for @scandipwa/magento-scripts (npm) Jun 21, 2021
ProTip! Advisories are also available from the GraphQL API