GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
363 advisories
Filter by severity
Phusion Passenger allows remote attackers to spoof headers
Low
CVE-2015-7519
was published
for
passenger
(RubyGems)
Oct 10, 2018
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Environment Variable Injection in GitHub Actions
Low
CVE-2020-15228
was published
for
@actions/core
(npm)
Oct 1, 2020
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Low
GHSA-375m-5fvv-xq23
was published
for
vyper
(pip)
Apr 19, 2021
Incomplete validation in `SparseReshape`
Low
CVE-2021-29611
was published
for
tensorflow
(pip)
May 21, 2021
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Input Validation in Firefly III
Low
CVE-2019-14671
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 8, 2021
The programming function of Shockwall system has an improper input validation vulnerability. An...
Low
Unreviewed
CVE-2021-45916
was published
Jan 4, 2022
Data Amplification in Play Framework
Low
CVE-2020-28923
was published
for
com.typesafe.play:play
(Maven)
Feb 9, 2022
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on...
Low
Unreviewed
CVE-2003-0367
was published
Apr 29, 2022
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows...
Low
Unreviewed
CVE-2003-1463
was published
Apr 29, 2022
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service ...
Low
Unreviewed
CVE-2005-0492
was published
May 1, 2022
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system"...
Low
Unreviewed
CVE-2005-0904
was published
May 1, 2022
** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not...
Low
Unreviewed
CVE-2005-1682
was published
May 1, 2022
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service...
Low
Unreviewed
CVE-2005-1761
was published
May 1, 2022
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS)...
Low
Unreviewed
CVE-2005-3055
was published
May 1, 2022
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by...
Low
Unreviewed
CVE-2006-1192
was published
May 1, 2022
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI...
Low
Unreviewed
CVE-2006-2920
was published
May 1, 2022
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user...
Low
Unreviewed
CVE-2006-4842
was published
May 1, 2022
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12...
Low
Unreviewed
CVE-2006-5793
was published
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API