GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

50 advisories

Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
Credited to levpachmanov
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
Credited to levpachmanov
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
Credited to sunSUNQ, levpachmanov, and G-Rath
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
Credited to MyTrueWallet, kurt-r2c, jwilk, and levpachmanov
Cross site scripting in actionpack Rubygem Moderate
CVE-2011-1497 was published for actionpack (RubyGems) Apr 22, 2022
Credited to jhutchings1, jasnow, and levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Improper Input Validation in Jakarta Expression Language Moderate
CVE-2021-28170 was published for com.sun.el:el-ri (Maven) Oct 6, 2021
Credited to levpachmanov
Prototype Pollution in immer High
CVE-2021-3757 was published for immer (npm) Sep 7, 2021
Credited to levpachmanov
Prototype Pollution in immer Critical
CVE-2021-23436 was published for immer (npm) Sep 2, 2021
Credited to levpachmanov
Credited to chen-robert, ginkoid, and levpachmanov
Credited to JarLob, chen-robert, ginkoid, and levpachmanov
Credited to ginkoid, chen-robert, and levpachmanov
Prototype Pollution in immer High
CVE-2020-28477 was published for immer (npm) Jan 20, 2021
Credited to levpachmanov
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Credited to levpachmanov
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Credited to levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
Credited to mitchell-codecov, G-Rath, and levpachmanov
Credited to levpachmanov
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
Credited to levpachmanov
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
Credited to ShayAry and levpachmanov
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
Credited to levpachmanov
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3465 was published for actionpack (RubyGems) Oct 24, 2017
Credited to ShayAry and levpachmanov
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
Credited to levpachmanov
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
Credited to tdunlap607 and levpachmanov
activesupport vulnerable to Denial of Service via large XML document depth Moderate
CVE-2015-3227 was published for activesupport (RubyGems) Oct 24, 2017
Credited to levpachmanov
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
Credited to levpachmanov