Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven) Nov 17, 2022
MarkLee131 achibear
Credited to MarkLee131 and achibear
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
MarkLee131
Credited to MarkLee131
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
Credited to MarkLee131
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpexcel (Composer) Nov 20, 2019
MarkLee131
Credited to MarkLee131
Django Access Restrictions Bypass High
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Django vulnerable to Denial of Service via i18n middleware component High
CVE-2007-5712 was published for Django (pip) May 1, 2022
MarkLee131
Credited to MarkLee131
Improper query string handling in Django High
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Credited to MarkLee131
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Credited to MarkLee131
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Credited to tdunlap607 and MarkLee131
Django Reuses Cached CSRF Token High
CVE-2014-0473 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Django database denial-of-service with ModelMultipleChoiceField High
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Credited to MarkLee131
Django CSRF Protection Bypass High
CVE-2016-7401 was published for django (pip) May 14, 2022
MarkLee131
Credited to MarkLee131
Django Denial-of-service possibility with strip_tags High
CVE-2015-2316 was published for Django (pip) May 14, 2022
MarkLee131
Credited to MarkLee131
Django Denial-of-service by filling session store High
CVE-2015-5143 was published for Django (pip) Jul 5, 2019
MarkLee131
Credited to MarkLee131
Denial of service in django High
CVE-2011-4137 was published for Django (pip) Jul 23, 2018
MarkLee131
Credited to MarkLee131
Django cross-site request forgery (CSRF) vulnerability High
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Credited to MarkLee131
Cross-site request forgery in Django High
CVE-2011-0696 was published for Django (pip) Jul 23, 2018
MarkLee131
Credited to MarkLee131
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Credited to MarkLee131
Django Arbitrary Code Execution High
CVE-2007-0404 was published for Django (pip) May 1, 2022
MarkLee131
Credited to MarkLee131
High severity vulnerability that affects io.vertx:vertx-web High
CVE-2018-12540 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
MarkLee131
Credited to MarkLee131
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131
Credited to MarkLee131
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML High
CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Credited to MarkLee131 and sunSUNQ
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Credited to MarkLee131 and sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database