Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

136 advisories

Loading
Deserialization Code Execution in js-yaml Critical
CVE-2013-4660 was published for js-yaml (npm) Oct 24, 2017
ejs is vulnerable to remote code execution due to weak input validation Critical
CVE-2017-1000228 was published for ejs (npm) Nov 30, 2017
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
Mitmweb in mitmproxy allows DNS Rebinding attacks Critical
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
restforce vulnerable to Improper Input Validation Critical
CVE-2018-3777 was published for restforce (RubyGems) Aug 3, 2018
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
Prototype Pollution in merge-recursive Critical
CVE-2018-3751 was published for merge-recursive (npm) Sep 18, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal Critical
CVE-2017-12611 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Spring Data Commons remote code injection vulnerability Critical
CVE-2018-1273 was published for org.springframework.data:spring-data-commons (Maven) Oct 17, 2018
sharonbz MarkLee131
r3kumar
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Improper Input Validation in alilibaba:fastjson Critical
CVE-2017-18349 was published for com.alibaba:fastjson (Maven) Oct 24, 2018
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
python-gnupg vulnerable to shell injection Critical
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Bleach URI Scheme Restriction Bypass Critical
CVE-2018-7753 was published for bleach (pip) Jan 4, 2019
modulemd uses an unsafe function for processing externally provided data Critical
CVE-2017-1002157 was published for modulemd (pip) Jan 17, 2019
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
ProTip! Advisories are also available from the GraphQL API