GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11,261 advisories

Inappropriate implementation in V8 High
CVE-2020-16009 was published for CefSharp.Common (NuGet) Dec 2, 2020
XXE in petl High
CVE-2020-29128 was published for petl (pip) Dec 2, 2020
Credited to nvn1729
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Use after free in CefSharp High
CVE-2020-16017 was published for CefSharp.Common (NuGet) Nov 27, 2020
Inappropriate implementation in V8 in CefSharp High
CVE-2020-16013 was published for CefSharp.Common (NuGet) Nov 27, 2020
Denial of service attack due to invalid JSON High
CVE-2020-26890 was published for matrix-synapse (pip) Nov 24, 2020
Credited to dkasak
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
Credited to liayn, bmack, and ohader
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
Credited to ka1n4t
Secret disclosure when containing characters that become URI encoded High
CVE-2020-26226 was published for semantic-release (npm) Nov 18, 2020
Credited to dbjorge
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
Credited to NamelessCoder and jonaseberle
XStream can be used for Remote Code Execution High
CVE-2020-26217 was published for com.thoughtworks.xstream:xstream (Maven) Nov 16, 2020
Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Segfault in `tf.quantization.quantize_and_dequantize` High
CVE-2020-15265 was published for tensorflow (pip) Nov 13, 2020
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
Credited to mrthankyou
Prototype Pollution in json-logic-js High
GHSA-m9hw-7xfv-wqg7 was published for json-logic-js (npm) Nov 12, 2020
Exploitable inventory component chaining in PocketMine-MP High
GHSA-8jq6-w5cg-wm45 was published for pocketmine/pocketmine-mp (Composer) Nov 11, 2020
Credited to Muqsit and CortexPE
MoinMoin vulnerable to remote code execution via cache action High
CVE-2020-25074 was published for moin (pip) Nov 11, 2020
Cross-Site Scripting in scratch-svg-renderer High
CVE-2020-7750 was published for scratch-svg-renderer (npm) Nov 9, 2020
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
Credited to JLLeitschuh and timtebeek
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
Credited to convenient
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Credited to Aquilao
Improper Authorization in Strapi High
CVE-2020-27665 was published for strapi-plugin-content-type-builder (npm) Oct 29, 2020