GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14 advisories
Permissive parameters and privilege escalation
Moderate: CVE-2018-20301 was published for coherence (Erlang), Feb 10, 2022

Missing `is_nil` requirement
Moderate: GHSA-2xxx-fhc8-9qvq was published for ecto (Erlang), Apr 12, 2022

XSS in HEEx class attributes
Moderate: GHSA-j3gg-r6gp-95q2 was published for phoenix_html (Erlang), Apr 12, 2022

Phoenix Arbitrary URL Redirect
Moderate: CVE-2017-1000163 was published for phoenix (Erlang), Apr 12, 2022

Ejabberd DoS via malformed stanza
Moderate: CVE-2011-4320 was published for ejabberd (Erlang), May 17, 2022

phoenix_html allows Cross-site Scripting in HEEx class attributes
Moderate: CVE-2021-46871 was published for phoenix_html (Erlang), Jan 10, 2023

Pow Mnesia cache doesn't invalidate all expired keys on startup
Moderate: CVE-2023-42446 was published for pow (Erlang), Sep 19, 2023

erlang-jose vulnerable to denial of service via large p2c value
Moderate: CVE-2023-50966 was published for jose (Erlang), Mar 19, 2024

OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate: CVE-2024-31209 was published for oidcc (Erlang), Apr 3, 2024

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Moderate: CVE-2024-49756 was published for ash_postgres (Erlang), Oct 23, 2024