GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
Pomelo allows external control of critical state data
Moderate
CVE-2019-18954
was published
for
pomelo
(npm)
Dec 2, 2019
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
IPC messages delivered to the wrong frame in Electron
Moderate
CVE-2020-26272
was published
for
electron
(npm)
Jan 28, 2021
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Moderate
CVE-2021-21290
was published
for
io.netty:netty
(Maven)
Feb 8, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate
CVE-2020-10685
was published
for
ansible
(pip)
Apr 7, 2021
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Exposure of Resource to Wrong Sphere in valib
Moderate
CVE-2019-10805
was published
for
valib
(npm)
Apr 13, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Moderate
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Man-in-the-middle attack in Apache Cassandra
Moderate
CVE-2020-13946
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 7, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
The reset password form reveal users email address
Moderate
CVE-2021-32731
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jul 2, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
Druid ingestion system Authenticated users can read data from other sources than intended
Moderate
CVE-2021-36749
was published
for
org.apache.druid:druid-core
(Maven)
Sep 27, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
Apache Ozone exposes OM, SCM and Datanode metadata
Moderate
CVE-2021-41532
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Malicious Atomix node queries expose sensitive information
Moderate
CVE-2020-35215
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
SQL Injection in Apache Kylin
Moderate
CVE-2021-36774
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Moderate
CVE-2022-20620
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API