GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
Magnesium-PHP Injection vulnerability
Low
CVE-2017-20187
was published
for
floriangaerber/magnesium
(Composer)
Nov 5, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Contao: Unencoded insert tags in the frontend
Low
CVE-2024-28191
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
cookie accepts cookie name, path, and domain with out of bounds characters
Low
CVE-2024-47764
was published
for
cookie
(npm)
Oct 4, 2024
Langchain SQL Injection vulnerability
Low
CVE-2024-8309
was published
for
langchain
(pip)
Oct 29, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
dbt has an implicit override for built-in materializations from installed packages
Low
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API