Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Token bruteforcing. Moderate
CVE-2022-29238 was published for notebook (pip) Jun 16, 2022
rashley-iqt
Open Redirect in url-parse Critical
CVE-2018-3774 was published for url-parse (npm) Aug 13, 2018
Wagtail vulnerable to disclosure of user names via admin bulk action views Low
CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023
quyenheu
Missing Authorization in Jenkins Moderate
CVE-2019-10354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
Silverstripe Missing security check on dev/build/defaults Moderate
GHSA-x5w2-wcr8-9q45 was published for silverstripe/framework (Composer) May 23, 2024
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Forced Browsing in Twisted Moderate
CVE-2016-1000111 was published for twisted (pip) Apr 30, 2021
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Showdoc Unauthenticated Access Moderate
CVE-2018-19620 was published for showdoc/showdoc (Composer) May 13, 2022
cx-aditya-dixit
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference Moderate
CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location High
CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference High
CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
Grokability Snipe-IT has incorrect authorization for accessing asset information Moderate
CVE-2025-47226 was published for snipe/snipe-it (Composer) May 2, 2025
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions Moderate
CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database