Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,184 advisories

Loading
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability Moderate
CVE-2018-11770 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Improper Input Validation in org.apache.qpid:qpid-broker Moderate
CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven) Oct 16, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database