GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
298 advisories
Duplicate Advisory: Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
•
withdrawn
Regular Expression Denial of Service in papaparse
High
CVE-2020-36649
was published
for
papaparse
(npm)
Sep 4, 2020
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Moderate
CVE-2022-43996
was published
for
github.com/csaf-poc/csaf_distribution
(Go)
Dec 14, 2022
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate
CVE-2022-31683
was published
for
github.com/concourse/concourse
(Go)
Oct 19, 2022
Hashicorp Nomad Information Exposure Through Environmental Variables
Moderate
CVE-2019-14802
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42966
was published
for
cleo
(pip)
Nov 10, 2022
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43570
was published
for
com.starkbank.ellipticcurve:starkbank-ecdsa
(Maven)
Nov 10, 2021
.NET Remote Code Execution Vulnerability
High
CVE-2022-41089
was published
for
Microsoft.WindowsDesktop.App.Runtime.win-arm64
(NuGet)
Dec 14, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
High
CVE-2021-29434
was published
for
wagtail
(pip)
Apr 20, 2021
Improper Certificate Validation in urllib3
High
CVE-2019-11324
was published
for
urllib3
(pip)
Apr 19, 2019
GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical
CVE-2022-24439
was published
for
GitPython
(pip)
Dec 6, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
Data leakage via cache key collision in Django
High
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
Improper Input Validation in PyYAML
Critical
CVE-2020-1747
was published
for
pyyaml
(pip)
Apr 20, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
High
CVE-2018-8825
was published
for
tensorflow
(pip)
Apr 24, 2019
Improper Restriction of XML External Entity Reference in python-docx
High
CVE-2016-5851
was published
for
python-docx
(pip)
May 13, 2022
XML External Entity Injection in PyWPS
High
CVE-2021-39371
was published
for
pywps
(pip)
Sep 2, 2021
ProTip!
Advisories are also available from the
GraphQL API