Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> High
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Cachet configuration leak High
CVE-2021-39174 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Code injection in plupload Moderate
CVE-2021-23562 was published for plupload (npm) Dec 16, 2021
OctoPrint vulnerable to Special Element Injection Moderate
CVE-2022-3607 was published for OctoPrint (pip) Oct 19, 2022
rdiffweb vulnerable to Special Element Injection Moderate
CVE-2022-4721 was published for rdiffweb (pip) Dec 27, 2022
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Critical
CVE-2023-40743 was published for axis:axis (Maven) Sep 5, 2023
jkmartindale ebickle
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
GHSA-5968-qw33-h47j was published for org.keycloak:keycloak-services (Maven) Dec 15, 2023 withdrawn
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri Moderate
CVE-2023-6134 was published for org.keycloak:keycloak-services (Maven) Dec 18, 2023
lauritzh
Black vulnerable to Regular Expression Denial of Service (ReDoS) Moderate
CVE-2024-21503 was published for black (pip) Mar 19, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database