GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11 advisories
Filter by severity
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Rails has possible XSS Vulnerability in Action Controller
Moderate
CVE-2024-26143
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
High
CVE-2024-22243
was published
for
org.springframework:spring-web
(Maven)
Feb 23, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Moderate
GHSA-xc9x-jj77-9p9j
was published
for
nokogiri
(RubyGems)
Feb 5, 2024
Beetl Server-Side Template Injection vulnerability
Critical
CVE-2024-22533
was published
for
com.ibeetl:beetl-core
(Maven)
Feb 2, 2024
Apache Struts vulnerable to path traversal
Critical
CVE-2023-50164
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 7, 2023
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Critical
CVE-2023-6014
was published
for
mlflow
(pip)
Nov 16, 2023
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API