GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation
High
GHSA-5c6q-f783-h888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Sep 30, 2022
•
withdrawn
Incorrect Privilege Assignment in Jenkins Script Security Plugin
High
CVE-2019-10355
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
crack does not properly restrict casts of string values
High
CVE-2013-1800
was published
for
crack
(RubyGems)
Oct 24, 2017
pg-native and libpq vulnerable to uncontrolled resource consumption
High
CVE-2022-25852
was published
for
libpq
(npm)
Jun 18, 2022
extlib does not properly restrict casts of string values
High
CVE-2013-1802
was published
for
extlib
(RubyGems)
Oct 24, 2017
Weaviate denial of service vulnerability
High
CVE-2023-38976
was published
for
github.com/weaviate/weaviate
(Go)
Aug 22, 2023
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
High
CVE-2022-1642
was published
for
github.com/apple/swift-corelibs-foundation
(Swift)
Jun 7, 2023
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
High
CVE-2020-35865
was published
for
os_str_bytes
(Rust)
Aug 25, 2021
Dangling reference in flatbuffers
High
CVE-2020-35864
was published
for
flatbuffers
(Rust)
Aug 25, 2021
Cachet vulnerable to forced reinstall
High
CVE-2021-39173
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Improperly checked metadata on tools/armour itemstacks received from the client
High
GHSA-46c5-pfj8-fv65
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
High
CVE-2022-41828
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Oct 12, 2022
ProTip!
Advisories are also available from the
GraphQL API