
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.

110 advisories

XSS in Image Optimization API for Next.js (High)
CVE-2021-39178 was published for next (npm) Sep 1, 2021
Credits: tdunlap607

Authorization Policy Bypass Due to Case Insensitive Host Comparison (High)
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
Credits: yangminzhu, avivdolev, tdunlap607

Cachet vulnerable to new line injection during configuration edition (High)
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
Credits: thomas-chauchefoin-sonarsource, tdunlap607

Data races in lever (High)
CVE-2020-36457 was published for lever (Rust) Aug 25, 2021
Credits: tdunlap607

Overflow in prost-types (High)
CVE-2021-38192 was published for prost-types (Rust) Aug 25, 2021
Credits: tdunlap607

Out of bounds read in uu_od (High)
CVE-2021-29934 was published for uu_od (Rust) Aug 25, 2021
Credits: tdunlap607

Use after free in Rocket (High)
CVE-2021-29935 was published for rocket (Rust) Aug 25, 2021
Credits: tdunlap607

Off-by-one error in simple-slab (High)
CVE-2020-35893 was published for simple-slab (Rust) Aug 25, 2021
Credits: tdunlap607

Stack consumption in trust-dns-server (High)
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
Credits: tdunlap607

Array size is not checked in sized-chunks (High)
CVE-2020-25792 was published for sized-chunks (Rust) Aug 25, 2021
Credits: tdunlap607

Out of bounds write in serde_cbor (High)
CVE-2019-25001 was published for serde_cbor (Rust) Aug 25, 2021
Credits: tdunlap607

Improper Input Validation in once_cell (High)
CVE-2019-16141 was published for once_cell (Rust) Aug 25, 2021
Credits: tdunlap607

Use after free in string-interner (High)
CVE-2019-16882 was published for string-interner (Rust) Aug 25, 2021
Credits: tdunlap607

Arbitrary file overwrite in tar-rs (High)
CVE-2018-20990 was published for tar (Rust) Aug 25, 2021
Credits: tdunlap607

github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion (High)
CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) Jul 26, 2021
Credits: tdunlap607

Cross-site scripting (XSS) from field and configuration text displayed in the Panel (High)
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
Credits: hdodov, tdunlap607

Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures (High)
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 (withdrawn)
Credits: tdunlap607

Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks (High)
CVE-2021-33571 was published for Django (pip) Jun 10, 2021
Credits: tdunlap607

Potential infinite loop in Pillow (High)
CVE-2021-28676 was published for Pillow (pip) Jun 8, 2021
Credits: tdunlap607

Path Traversal in Django (High)
CVE-2021-31542 was published for Django (pip) Jun 4, 2021
Credits: tdunlap607

Improper Certificate Validation in EM-HTTP-Request (High)
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
Credits: tdunlap607

Arbitrary Code Execution in json-ptr (High)
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
Credits: tdunlap607

Out of bounds read in Pillow (High)
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
Credits: tdunlap607, sunSUNQ

Regular Expression Denial of Service in papaparse (High)
GHSA-qvjc-g5vr-mfgr was published for papaparse (npm) Sep 4, 2020
Credits: tdunlap607

Command Injection in local-devices (High)
GHSA-w725-67p7-xv22 was published for local-devices (npm) Sep 3, 2020
Credits: tdunlap607