Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Loading
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix Moderate
CVE-2020-5412 was published for org.springframework.cloud:spring-cloud-netflix (Maven) Apr 30, 2021
Confused Deputy in Kubernetes Moderate
CVE-2020-8561 was published for k8s.io/kubernetes (Go) Sep 21, 2021
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and... Moderate Unreviewed
CVE-2021-36190 was published Dec 9, 2021
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful... Moderate Unreviewed
CVE-2021-37112 was published Jan 4, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to... Moderate Unreviewed
CVE-2021-39765 was published Mar 31, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,... Moderate Unreviewed
CVE-2017-0211 was published May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be... Moderate Unreviewed
CVE-2017-15269 was published May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page... Moderate Unreviewed
CVE-2018-12381 was published May 13, 2022
Shopware XXE Vulnerability Moderate
CVE-2017-18357 was published for shopware/shopware (Composer) May 14, 2022
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to... Moderate Unreviewed
CVE-2019-18202 was published May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
phpBB Server-Side Request Forgery Vulnerability Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
Rudloff
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0338 was published May 24, 2022
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy.... Moderate Unreviewed
CVE-2020-0337 was published May 24, 2022
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers... Moderate Unreviewed
CVE-2021-26711 was published May 24, 2022
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built... Moderate Unreviewed
CVE-2021-29965 was published May 24, 2022
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a... Moderate Unreviewed
CVE-2021-0599 was published May 24, 2022
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to... Moderate Unreviewed
CVE-2020-23171 was published May 24, 2022
An arbitrary file deletion vulnerability exists within Maccms10. Moderate Unreviewed
CVE-2020-21363 was published May 24, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote... Moderate Unreviewed
CVE-2022-30245 was published Jul 16, 2022
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50.... Moderate Unreviewed
CVE-2015-10003 was published Jul 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database