Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,944 advisories

Loading
Potential memory exposure in dns-packet High
CVE-2021-23386 was published for dns-packet (npm) May 24, 2021
Information Disclosure in HashiCorp Vault High
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021
Insecure template handling in Squirrelly High
CVE-2021-32819 was published for squirrelly (npm) May 17, 2021
bgub Credited to bgub
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez Credited to jacobovazquez
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38 Credited to boly38
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut Credited to chutchut
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk Credited to micschk
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix Credited to mixmix, christianbundy, arj03, staltz, and cryptix christianbundy christianbundy
arj03 arj03 staltz staltz cryptix cryptix
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
levpachmanov Credited to levpachmanov
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo Credited to davimacedo
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database