
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

71 advisories (25 shown on this page)

Koji Cross-site Scripting (Moderate)
CVE-2024-9427, published for koji (pip) on Dec 24, 2024

MathLive's Lack of Escaping of HTML allows for XSS (Moderate)
GHSA-qwj6-q94f-8425, published for mathlive (npm) on Jan 21, 2025
Credited: nsysean, arnog

KaTeX \htmlData does not validate attribute names (Moderate)
CVE-2025-23207, published for katex (npm) on Jan 17, 2025
Credited: nsysean, edemaine

Ansible-core information disclosure flaw (Moderate)
CVE-2024-0690, published for ansible-core (pip) on Feb 6, 2024

Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability (Moderate)
CVE-2024-10006, published for github.com/hashicorp/consul (Go) on Oct 31, 2024

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to (Moderate)
CVE-2023-28362, published for actionpack (RubyGems) on Jun 29, 2023

LibreNMS vulnerable to Stored Cross-site Scripting via File Upload (Low)
CVE-2024-47528, published for librenms/librenms (Composer) on Oct 1, 2024
Credited: minhnq1618

XWiki Platform has an SQL injection in getdocuments.vm with sort parameter (High)
CVE-2024-55663, published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) on Dec 12, 2024

Apache Airflow vulnerable to Improper Encoding or Escaping of Output (High)
CVE-2024-45498, published for apache-airflow (pip) on Sep 7, 2024
Credited: exolightor

Log injection in uvicorn (High)
CVE-2020-7694, published for uvicorn (pip) on Jul 29, 2020
Credited: tdunlap607

Improper Encoding or Escaping of Output in Apache Superset (High)
CVE-2021-42250, published for apache-superset (pip) on May 24, 2022

Inconsistent input sanitisation leads to XSS vectors (Critical)
CVE-2021-41132, published for omero-figure (pip) on Oct 14, 2021

Apache Zeppelin vulnerable to cross-site scripting in the helium module (Moderate)
CVE-2024-31868, published for org.apache.zeppelin:zeppelin-interpreter (Maven) on Apr 9, 2024
Credited: oscerd

React Developer Tools extension Improper Authorization vulnerability (Moderate)
CVE-2023-5654, published for react-devtools-core (npm) on Oct 19, 2023

Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible (Moderate)
CVE-2020-14330, published for ansible (pip) on Feb 9, 2022

ansible-runner vulnerable to shell command injection (High)
CVE-2021-4041, published for ansible-runner (pip) on Aug 25, 2022

Improper escaping in Apache Zeppelin (Critical)
CVE-2024-31866, published for org.apache.zeppelin:zeppelin-interpreter (Maven) on Apr 9, 2024
Credited: raboof

Jupyter Server Proxy has a reflected XSS issue in host parameter (Critical)
CVE-2024-35225, published for jupyter-server-proxy (pip) on Jun 11, 2024
Credited: dlqqq

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability (Low)
CVE-2024-34715, published for ethyca-fides (pip) on May 29, 2024
Credited: tariqajyusuf, pattisdr

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device (High)
CVE-2023-43620, published for github.com/schollz/croc/v9 (Go) on Sep 20, 2023
Credited: schollz

TYPO3 vulnerable to an HTML Injection in the History Module (Low)
CVE-2024-34355, published for typo3/cms-core (Composer) on May 14, 2024
Credited: andreaskienast, bnf

Improper escaping in XWiki Platform (High)
CVE-2020-13654, published for org.xwiki.platform:xwiki-platform-web (Maven) on Feb 9, 2022

Moodle Improper Encoding or Escaping of Output (Moderate)
CVE-2021-40694, published for moodle/moodle (Composer) on Sep 30, 2022

Apache Tomcat improperly escapes input from JsonErrorReportValve (High)
CVE-2022-45143, published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Jan 3, 2023
Credited: westonsteimel

Insert tag injection in the Contao login module (Moderate)
CVE-2019-19714, published for contao/contao (Composer) on Dec 17, 2019
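Several entries in this list belong to one defect class: text chosen by an untrusted peer (a request path, a sender-supplied filename, a form value) is written verbatim to a log file or a terminal, where a CR/LF can forge a second log record and an ESC- or C1-introduced CSI/OSC sequence is executed by the terminal rather than displayed. The uvicorn log-injection and croc escape-sequence entries name exactly those inputs. The Python below is an added example written for this page; it is not code from uvicorn, croc, ansible or any other project listed, and it makes no claim about how any of them fixed their advisory. The function names, the character class it treats as dangerous, and the sample strings are this example's own choices and constructed inputs.

```python
import re

# Characters a terminal or a line-oriented log reader would act on rather
# than display: C0 controls other than TAB (this range holds LF, CR, BEL and
# ESC), DEL, the C1 range U+0080..U+009F (single-byte CSI U+009B and OSC
# U+009D, NEL U+0085), and the Unicode line/paragraph separators. This
# character class is the example's own choice, not any project's policy.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f\x80-\x9f\u2028\u2029]")


def _visible(m: re.Match) -> str:
    """Replace one matched control character with a printable escape."""
    ch = m.group()
    if ch == "\n":
        return "\\n"
    if ch == "\r":
        return "\\r"
    cp = ord(ch)
    return f"\\x{cp:02x}" if cp <= 0xFF else f"\\u{cp:04x}"


def neutralize(text: str) -> str:
    """Return text with every control character made visible.

    The raw byte a terminal or log parser would interpret is gone, but an
    operator reading the log can still see exactly what the peer sent.
    Printable text, including TAB and non-ASCII letters, passes unchanged.
    """
    return _CONTROL.sub(_visible, text)


def has_control_sequences(text: str) -> bool:
    """True when the text carries anything neutralize() would rewrite; useful
    on its own as a detection signal (alert on peers that send such input)."""
    return _CONTROL.search(text) is not None


def log_record(level: str, event: str, **fields: object) -> str:
    """Build one single-line log record. level and event are caller constants;
    every field value is untrusted and passes through neutralize(), so a CR/LF
    inside a value cannot start a forged second record."""
    parts = [f"level={level}", f"event={event}"]
    parts += [f'{key}="{neutralize(str(value))}"' for key, value in fields.items()]
    return " ".join(parts)


# Constructed inputs for the demonstration; not captured from any real system.
SAMPLES = {
    "osc_title": "report\x1b]0;owned\x07.pdf",   # ESC ] ... BEL: set window title
    "csi_clear": "x\x1b[2J\x1b[H",                # ESC [ 2J, ESC [ H: clear screen
    "c1_csi": "y\x9b2J",                          # single-byte C1 CSI, no ESC at all
    "crlf_forge": "/login\r\n[INFO] user=admin authenticated",
    "benign": "notes\t2024.txt",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        flag = has_control_sequences(raw)
        print(f"{name:11} suspicious={flag!s:5} -> {neutralize(raw)}")
    print(log_record("INFO", "request", peer="198.51.100.7", path=SAMPLES["crlf_forge"]))
```

Making the control character visible is preferable to deleting it: the record keeps evidence of what the peer sent, and there is no byte left for a terminal to interpret. Note that the C1 sample carries no ESC at all, so a filter that only looks for `\x1b` misses it. If you serialize values with `json.dumps` instead, keep the default `ensure_ascii=True`; with `ensure_ascii=False` the C1 characters are written raw.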