GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Low
GHSA-3h5r-928v-mxhh
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Improper Check for Unusual or Exceptional Conditions in Elasticsearch
High
CVE-2022-23712
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 7, 2022
Improper Handling of `callbackUrl` parameter in next-auth
High
CVE-2022-31093
was published
for
next-auth
(npm)
Jun 21, 2022
Improper handling of CSS at-rules in lettersanitizer
High
CVE-2022-31103
was published
for
lettersanitizer
(npm)
Jun 23, 2022
Unexpected server crash in Next.js
Moderate
CVE-2022-36046
was published
for
next
(npm)
Aug 30, 2022
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
Critical
CVE-2019-17195
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
Oct 16, 2019
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Low
CVE-2018-25007
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Authz Module Non-Determinism
Moderate
CVE-2021-41135
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Oct 21, 2021
Incorrect handling of H2 GOAWAY + SETTINGS frames
High
CVE-2021-39162
was published
for
github.com/pomerium/pomerium
(Go)
Sep 10, 2021
Denial of Service (DoS) in mongo-express
Moderate
CVE-2021-23372
was published
for
mongo-express
(npm)
Oct 6, 2021
fastify vulnerable to denial of service via malicious Content-Type
High
CVE-2022-39288
was published
for
fastify
(npm)
Oct 11, 2022
Crash due to erroneous `StatusOr` in TensorFlow
Moderate
CVE-2022-23590
was published
for
tensorflow
(pip)
Feb 9, 2022
Froxlor contains Unchecked Error Condition
Moderate
CVE-2023-0572
was published
for
froxlor/froxlor
(Composer)
Jan 30, 2023
Ory fosite contains Improper Handling of Exceptional Conditions
High
CVE-2020-15223
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Improper Check for Unusual or Exceptional Conditions in json-smart
Moderate
CVE-2021-27568
was published
for
net.minidev:json-smart
(Maven)
Jun 16, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
CVE-2021-33605
was published
for
com.vaadin:vaadin-checkbox-flow
(Maven)
Aug 30, 2021
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Moderate
CVE-2023-23626
was published
for
github.com/ipfs/go-bitfield
(Go)
Feb 10, 2023
OctoRPKI crashes when max iterations is reached
Moderate
CVE-2022-3616
was published
for
github.com/cloudflare/cfrpki
(Go)
Oct 31, 2022
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Moderate
CVE-2023-34449
was published
for
ink
(Rust)
Jun 14, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
Electron context isolation bypass via nested unserializable return value
Moderate
CVE-2023-29198
was published
for
electron
(npm)
Sep 6, 2023
Feathers socket handler allows abusing implicit toString
High
CVE-2023-37899
was published
for
@feathersjs/socketio
(npm)
Jul 20, 2023
Mattermost denial of service vulnerability
Moderate
CVE-2023-5967
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
ProTip!
Advisories are also available from the
GraphQL API