Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Unauthorized File Access in node-git-server High
GHSA-cv3v-7846-6pxm was published for node-git-server (npm) Sep 3, 2020
Vulnerability allowing for reading internal HTTP resources High
GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm) Mar 12, 2021
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio Credited to jimmio
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault Credited to NotMyFault
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf Credited to pjbgf
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez Credited to jacobovazquez
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
PhantomJS Arbitrary File Read High
CVE-2019-17221 was published for phantomjs (npm) May 24, 2022
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
Apache InLong has Files or Directories Accessible to External Parties High
CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) Jul 6, 2023
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh Credited to JLLeitschuh and timtebeek timtebeek timtebeek
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen Credited to smichaelsen, ohader, marclindemann, vertexvaar, sushiwushi, and waldhacker1 ohader ohader
marclindemann marclindemann vertexvaar vertexvaar sushiwushi sushiwushi waldhacker1 waldhacker1
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ Credited to sunSUNQ
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux Credited to TrixterTheTux and matthewpi matthewpi matthewpi
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes Credited to pk2codes
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs Credited to N0el4kLs
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database