Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

291 advisories

Loading
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts... High Unreviewed
CVE-2021-23263 was published Dec 3, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user.... High Unreviewed
CVE-2021-36917 was published Nov 25, 2021
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS,... High Unreviewed
CVE-2021-34424 was published Nov 25, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Arbitrary code execution in Apache Druid High
CVE-2021-26919 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Calipso Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2021-23391 was published for calipso (npm) Jun 8, 2021
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
Validation Bypass in kind-of High
CVE-2019-20149 was published for kind-of (npm) Mar 31, 2020
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database