GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
118 advisories
ReDoS vulnerability in parser_apache2
Moderate
CVE-2021-41186
was published
for
fluentd
(RubyGems)
Nov 1, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2020-12648
was published
for
tinymce
(npm)
Aug 11, 2020
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
Moderate
CVE-2022-3866
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
Unexpected panic when decoding tokens in branca
Moderate
CVE-2020-35918
was published
for
branca
(Rust)
Aug 25, 2021
HTTPS MitM vulnerability due to lack of hostname verification
Moderate
CVE-2016-10932
was published
for
hyper
(Rust)
Aug 25, 2021
Mutable reference with immutable provenance in image
Moderate
CVE-2020-35916
was published
for
image
(Rust)
Aug 25, 2021
mio invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35922
was published
for
mio
(Rust)
Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators
Moderate
CVE-2020-35923
was published
for
ordered-float
(Rust)
Aug 25, 2021
Error on unsupported architectures in raw-cpuid
Moderate
CVE-2021-26307
was published
for
raw-cpuid
(Rust)
Aug 25, 2021
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
Cross-site Scripting in loofah
Moderate
CVE-2018-8048
was published
for
loofah
(RubyGems)
Mar 21, 2018
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
Loofah Allows Cross-site Scripting
Moderate
CVE-2019-15587
was published
for
loofah
(RubyGems)
Nov 5, 2019
Json-jwt did not verify the cryptographic signature for data
Moderate
CVE-2018-1000539
was published
for
json-jwt
(RubyGems)
Jul 31, 2018
Cross-site Scripting in Mistune
Moderate
CVE-2017-15612
was published
for
mistune
(pip)
May 17, 2022
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
HashiCorp Consul vulnerable to authorization bypass
Moderate
CVE-2022-40716
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
Cross-Site Scripting in swagger-ui
Moderate
GHSA-4f9m-pxwh-68hg
was published
for
swagger-ui
(npm)
Sep 11, 2020
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API