GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

46 advisories

`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
NLTK Vulnerable to REDoS High
CVE-2021-3828 was published for nltk (pip) Sep 29, 2021
Regular Expression Denial of Service in Leo Editor High
CVE-2020-23478 was published for leo (pip) Sep 23, 2021
Incorrect Comparison in cvxopt High
CVE-2021-41500 was published for cvxopt (pip) Jan 7, 2022
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header Critical
CVE-2020-13485 was published for verbb/knock-knock (Composer) May 24, 2022
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin Low
CVE-2024-23903 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin High
CVE-2023-41935 was published for org.jenkins-ci.plugins:azure-ad (Maven) Sep 6, 2023
Jenkins Google Login Plugin non-constant time token comparison High
CVE-2023-41936 was published for org.jenkins-ci.plugins:google-login (Maven) Sep 6, 2023
uri-template-lite Regular Expression Denial of Service Moderate
CVE-2021-43309 was published for uri-template-lite (npm) Aug 25, 2022
Jenkins Gogs Plugin uses non-constant time webhook token comparison Low
CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin Low
CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) Oct 25, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition Moderate
CVE-2023-44378 was published for github.com/consensys/gnark (Go) Oct 4, 2023
Apache OpenMeetings insufficient authorization vulnerability Moderate
CVE-2023-28936 was published for org.apache.openmeetings:openmeetings-db (Maven) Jul 6, 2023
Dynamic Linq vulnerable to remote code execution Critical
CVE-2023-32571 was published for System.Linq.Dynamic.Core (NuGet) Jun 22, 2023
Sentry CORS misconfiguration Moderate
CVE-2023-36829 was published for sentry (pip) Jul 6, 2023