GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Insert tag injection in the Contao login module
Moderate
CVE-2019-19714
was published
for
contao/contao
(Composer)
Dec 17, 2019
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Misinterpretation of malicious XML input
Moderate
CVE-2021-32796
was published
for
@xmldom/xmldom
(npm)
Aug 3, 2021
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Path traversal in xwiki-platform-skin-skinx
Moderate
CVE-2022-23620
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Feb 9, 2022
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
Moderate
CVE-2020-14330
was published
for
ansible
(pip)
Feb 9, 2022
Log value insertion in craftercms
Moderate
CVE-2021-23266
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Cross-site Scripting in Jenkins Random String Parameter Plugin
Moderate
CVE-2022-30966
was published
for
org.jenkins-ci.plugins:random-string-parameter
(Maven)
May 18, 2022
Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10362
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
Stored XSS vulnerability in Jenkins Git Plugin
Moderate
CVE-2021-21684
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 24, 2022
Log Injection in Apache Sling Commons Log and Apache Sling API
Moderate
CVE-2022-32549
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
Jun 23, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Moodle Improper Encoding or Escaping of Output
Moderate
CVE-2021-40694
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Teampass Cross-site Scripting vulnerability
Moderate
CVE-2023-3190
was published
for
nilsteampassnet/teampass
(Composer)
Jun 10, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate
CVE-2023-34036
was published
for
org.springframework.hateoas:spring-hateoas
(Maven)
Jul 17, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API