GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Moderate
CVE-2022-27817
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Improper Control of a Resource Through its Lifetime in Mattermost
Moderate
CVE-2022-1385
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
Exposure of Resource to Wrong Sphere in Spring Data REST
Moderate
CVE-2021-22047
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 24, 2022
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
The reset password form reveal users email address
Moderate
CVE-2021-32731
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jul 2, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Apache Ozone exposes OM, SCM and Datanode metadata
Moderate
CVE-2021-41532
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
IPC messages delivered to the wrong frame in Electron
Moderate
CVE-2020-26272
was published
for
electron
(npm)
Jan 28, 2021
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Incorrect Authorization in keycloak
Moderate
CVE-2020-1725
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Exposure of Resource to Wrong Sphere in valib
Moderate
CVE-2019-10805
was published
for
valib
(npm)
Apr 13, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Man-in-the-middle attack in Apache Cassandra
Moderate
CVE-2020-13946
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 7, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
Malicious Atomix node queries expose sensitive information
Moderate
CVE-2020-35215
was published
for
io.atomix:atomix
(Maven)
Dec 17, 2021
Insufficient user authorization in Moodle
Moderate
CVE-2022-0334
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
ProTip!
Advisories are also available from the
GraphQL API