GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Permissive parameters and privilege escalation
Moderate
CVE-2018-20301
was published
for
coherence
(Erlang)
Feb 10, 2022
Arbitrary Code Execution in Cookie Serialization
High
CVE-2017-1000053
was published
for
plug
(Erlang)
Apr 12, 2022
Missing `is_nil` requirement
Moderate
GHSA-2xxx-fhc8-9qvq
was published
for
ecto
(Erlang)
Apr 12, 2022
XSS in HEEx class attributes
Moderate
GHSA-j3gg-r6gp-95q2
was published
for
phoenix_html
(Erlang)
Apr 12, 2022
Inline DTD allows XML bomb attack
High
CVE-2019-15160
was published
for
sweet_xml
(Erlang)
Apr 12, 2022
Null Byte Injection in Plug.Static
High
CVE-2017-1000052
was published
for
plug
(Erlang)
Apr 12, 2022
Remote Code Execution in paginator
Critical
CVE-2020-15150
was published
for
paginator
(Erlang)
Apr 12, 2022
alchemist.vim vulnerable to remote code execution
Critical
CVE-2017-1000212
was published
for
alchemist.vim
(Erlang)
May 13, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack
High
CVE-2019-11287
was published
for
RabbitMQ
(Erlang)
May 24, 2022
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
High
CVE-2014-2829
was published
for
MongooseIM
(Erlang)
May 17, 2022
Cross-site Scripting in RabbitMQ
Low
CVE-2019-11291
was published
for
rabbit_common
(Erlang)
May 24, 2022
Ecto lacks a protection mechanism
Critical
CVE-2017-20166
was published
for
ecto
(Erlang)
Jan 10, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes
Moderate
CVE-2021-46871
was published
for
phoenix_html
(Erlang)
Jan 10, 2023
Phoenix Arbitrary URL Redirect
Moderate
CVE-2017-1000163
was published
for
phoenix
(Erlang)
Apr 12, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical
CVE-2021-43568
was published
for
ecdsa-elixir
(Erlang)
May 24, 2022
Pow Mnesia cache doesn't invalidate all expired keys on startup
Moderate
CVE-2023-42446
was published
for
pow
(Erlang)
Sep 19, 2023
MTProto proxy remote code execution vulnerability
High
CVE-2023-45312
was published
for
mtproto_proxy
(Erlang)
Oct 10, 2023
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
High
CVE-2023-35174
was published
for
livebook
(Erlang)
Jun 21, 2023
Ejabberd DoS via malformed stanza
Moderate
CVE-2011-4320
was published
for
ejabberd
(Erlang)
May 17, 2022
Pleroma Path Traversal vulnerability
Low
CVE-2023-5588
was published
for
pleroma
(Erlang)
Oct 16, 2023
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate
CVE-2024-31209
was published
for
oidcc
(Erlang)
Apr 3, 2024
ProTip!
Advisories are also available from the
GraphQL API