GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
High
CVE-2020-8128
was published
for
jsreport
(npm)
Apr 13, 2021
Command Injection in @theia/messages
Moderate
CVE-2021-28162
was published
for
@theia/messages
(npm)
May 10, 2021
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
Moderate
CVE-2021-26272
was published
for
ckeditor4
(npm)
Oct 13, 2021
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
Embedded malware in ua-parser-js
High
GHSA-pjwm-rvh2-c87w
was published
for
ua-parser-js
(npm)
Oct 22, 2021
paranoid2 gem Code backdoor
Critical
CVE-2019-13589
was published
for
paranoid2
(RubyGems)
Jul 16, 2019
Unintended Require in larvitbase-api
High
CVE-2019-5479
was published
for
larvitbase-api
(npm)
Sep 11, 2019
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
Magento remote code execution vulnerability
High
CVE-2019-8154
was published
for
magento/community-edition
(Composer)
May 24, 2022
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
Drupal Remote code execution
High
CVE-2017-6381
was published
for
drupal/core
(Composer)
May 13, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
High
CVE-2021-20187
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Low
CVE-2024-38537
was published
for
ethyca-fides
(pip)
Jul 2, 2024
Anki Latex Incomplete Blocklist Vulnerability
Moderate
CVE-2024-29073
was published
for
anki
(pip)
Jul 22, 2024
Improper Locking in JetBrains Kotlin
Moderate
CVE-2022-24329
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
Feb 26, 2022
ProTip!
Advisories are also available from the
GraphQL API