GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
420 advisories
Filter by severity
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Critical
CVE-2017-5638
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 18, 2018
Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
High
CVE-2018-8039
was published
for
org.apache.cxf:apache-cxf
(Maven)
Oct 19, 2018
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Moderate
CVE-2019-11777
was published
for
org.eclipse.paho:org.eclipse.paho.client.mqttv3
(Maven)
Sep 17, 2019
ecdsa Denial of Service vulnerability in signature verification and signature malleability
High
CVE-2019-14853
was published
for
ecdsa
(pip)
Oct 8, 2019
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
Critical
CVE-2019-17195
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Oct 16, 2019
Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
High
CVE-2021-28165
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 6, 2021
Denial of Service (DoS) in restify-paginate
High
CVE-2020-27543
was published
for
restify-paginate
(npm)
Apr 12, 2021
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
Crash in `tf.strings.substr` due to `CHECK`-fail
Low
CVE-2021-29617
was published
for
tensorflow
(pip)
May 21, 2021
Crash in `tf.transpose` with complex inputs
Low
CVE-2021-29618
was published
for
tensorflow
(pip)
May 21, 2021
Segfault in `tf.raw_ops.SparseCountSparseOutput`
Low
CVE-2021-29619
was published
for
tensorflow
(pip)
May 21, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Improper Handling of Exceptional Conditions in Apache Tomcat
High
CVE-2021-30639
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding
High
CVE-2021-39157
was published
for
detect-character-encoding
(npm)
Aug 25, 2021
Parse Server crashes with query parameter
High
CVE-2021-39187
was published
for
parse-server
(npm)
Sep 2, 2021
Uncontrolled Resource Consumption in transpile
Moderate
CVE-2021-23429
was published
for
transpile
(npm)
Sep 2, 2021
Exposure of Sensitive Information in keycloak
Moderate
CVE-2020-1744
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 20, 2021
In apusys, there is a possible memory corruption due to incorrect error handling. This could lead...
High
Unreviewed
CVE-2021-0668
was published
Nov 19, 2021
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote...
High
Unreviewed
CVE-2021-38003
was published
Nov 24, 2021
An unauthenticated attacker is able to send a special HTTP request, that causes a service to...
High
Unreviewed
CVE-2021-23859
was published
Dec 9, 2021
There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this...
High
Unreviewed
CVE-2021-37052
was published
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API