GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Weaviate denial of service vulnerability
High
CVE-2023-38976
was published
for
github.com/weaviate/weaviate
(Go)
Aug 22, 2023
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
High
CVE-2022-1642
was published
for
github.com/apple/swift-corelibs-foundation
(Swift)
Jun 7, 2023
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
High
CVE-2022-41828
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Oct 12, 2022
Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation
High
GHSA-5c6q-f783-h888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Sep 30, 2022
•
withdrawn
pg-native and libpq vulnerable to uncontrolled resource consumption
High
CVE-2022-25852
was published
for
libpq
(npm)
Jun 18, 2022
Incorrect Privilege Assignment in Jenkins Script Security Plugin
High
CVE-2019-10355
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Improperly checked metadata on tools/armour itemstacks received from the client
High
GHSA-46c5-pfj8-fv65
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Cachet vulnerable to forced reinstall
High
CVE-2021-39173
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
High
CVE-2020-35865
was published
for
os_str_bytes
(Rust)
Aug 25, 2021
Dangling reference in flatbuffers
High
CVE-2020-35864
was published
for
flatbuffers
(Rust)
Aug 25, 2021
crack does not properly restrict casts of string values
High
CVE-2013-1800
was published
for
crack
(RubyGems)
Oct 24, 2017
extlib does not properly restrict casts of string values
High
CVE-2013-1802
was published
for
extlib
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API