GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
TCPDF has incorrect comparison
Moderate
CVE-2024-56522
was published
for
tecnickcom/tcpdf
(Composer)
Dec 27, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Moderate
CVE-2024-12224
was published
for
idna
(Rust)
Dec 9, 2024
PyJWT Issuer field partial matches allowed
Low
CVE-2024-53861
was published
for
PyJWT
(pip)
Dec 2, 2024
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Low
CVE-2024-23903
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate
CVE-2023-44378
was published
for
github.com/consensys/gnark
(Go)
Oct 4, 2023
Jenkins Google Login Plugin non-constant time token comparison
High
CVE-2023-41936
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Sep 6, 2023
Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin
High
CVE-2023-41935
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Sep 6, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
Apache OpenMeetings insufficient authorization vulnerability
Moderate
CVE-2023-28936
was published
for
org.apache.openmeetings:openmeetings-db
(Maven)
Jul 6, 2023
Dynamic Linq vulnerable to remote code execution
Critical
CVE-2023-32571
was published
for
System.Linq.Dynamic.Core
(NuGet)
Jun 22, 2023
TensorFlow has Floating Point Exception in AudioSpectrogram
High
CVE-2023-25666
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
High
CVE-2023-25669
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow has Floating Point Exception in TensorListSplit with XLA
High
CVE-2023-25673
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow has Segfault in Bincount with XLA
High
CVE-2023-25675
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow has Floating Point Exception in TFLite in conv kernel
High
CVE-2023-27579
was published
for
tensorflow
(pip)
Mar 24, 2023
uri-template-lite Regular Expression Denial of Service
Moderate
CVE-2021-43309
was published
for
uri-template-lite
(npm)
Aug 25, 2022
Regular expression denial of service in eth-account
Moderate
CVE-2022-1930
was published
for
eth-account
(pip)
Aug 23, 2022
JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack
Moderate
CVE-2022-38179
was published
for
io.ktor:ktor
(Maven)
Aug 13, 2022
ProTip!
Advisories are also available from the
GraphQL API