GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
55 advisories
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in slug
Moderate
CVE-2017-16117
was published
for
slug
(npm)
Jul 24, 2018
Prototype Pollution in lodash
Moderate
CVE-2018-3721
was published
for
lodash
(RubyGems)
Jul 26, 2018
Regular Expression Denial of Service in debug
Low
CVE-2017-16137
was published
for
debug
(npm)
Aug 9, 2018
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
High
CVE-2017-9804
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Critical
CVE-2018-19360
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity Reference (XXE) in jackson-databind
Critical
CVE-2018-14720
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Regular Expression Denial of Service in clean-css
Low
GHSA-wxhq-pm8v-cw75
was published
for
clean-css
(npm)
Jun 5, 2019
Prototype Pollution in lodash
Critical
CVE-2019-10744
was published
for
lodash
(RubyGems)
Jul 10, 2019
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2019-1010266
was published
for
lodash
(RubyGems)
Jul 19, 2019
HTTP Request Smuggling in Netty
High
CVE-2019-16869
was published
for
io.netty:netty-all
(Maven)
Oct 11, 2019
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Inefficient Regular Expression Complexity in chalk/ansi-regex
High
CVE-2021-3807
was published
for
ansi-regex
(npm)
Sep 20, 2021
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Inefficient Regular Expression Complexity in Validator.js
Moderate
GHSA-xx4c-jj58-r7x6
was published
for
validator
(npm)
Nov 19, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9544
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Open Redirect in xdLocalStorage
Moderate
CVE-2020-11611
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
ProTip!
Advisories are also available from the
GraphQL API