GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Safemode Gem Has Incomplete List of Disallowed Inputs
Critical
CVE-2017-7540
was published
for
safemode
(RubyGems)
Oct 24, 2017
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
FasterXML jackson-databind allows unauthenticated remote code execution
Critical
CVE-2018-7489
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Critical
CVE-2017-15095
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 18, 2018
Incomplete List of Disallowed Inputs in SOFA-Hessian
Critical
CVE-2019-9212
was published
for
com.alipay.sofa:hessian
(Maven)
Mar 6, 2019
Deserialization of Untrusted Data in jackson-databind
High
CVE-2018-5968
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 30, 2020
Denial of Service in http-proxy
High
GHSA-6x33-pw7p-hmpq
was published
for
http-proxy
(npm)
Sep 4, 2020
Incomplete List of Disallowed Inputs in Kubernetes
Moderate
CVE-2021-25737
was published
for
k8s.io/kubernetes
(Go)
Sep 7, 2021
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and...
High
Unreviewed
CVE-2018-6383
was published
May 13, 2022
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users...
Moderate
Unreviewed
CVE-2016-6189
was published
May 13, 2022
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly...
High
Unreviewed
CVE-2018-16863
was published
May 13, 2022
Incomplete List of Disallowed Inputs in Jenkins
Moderate
CVE-2017-2602
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute...
High
Unreviewed
CVE-2015-5946
was published
May 17, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1135
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
High
Unreviewed
CVE-2021-1133
was published
May 24, 2022
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate
Unreviewed
CVE-2021-1255
was published
May 24, 2022
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of...
High
Unreviewed
CVE-2020-14372
was published
May 24, 2022
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Critical
CVE-2021-21697
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23844
was published
Jul 26, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2023-3374
was published
Sep 5, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API