GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
Incorrect Permission Assignment for Critical Resource in Apache hive
Low
CVE-2018-1315
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
SSL Validation Defaults to False in electron-packager
Low
CVE-2016-10534
was published
for
electron-packager
(npm)
Feb 18, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Low
GHSA-mr6r-mvw4-736g
was published
for
vyper
(pip)
Mar 25, 2020
Cross-site Scripting in October
Low
CVE-2020-4061
was published
for
october/backend
(Composer)
Jul 2, 2020
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Command Injection in ascii-art
Low
GHSA-9hqj-38j2-5jgm
was published
for
ascii-art
(npm)
Sep 1, 2020
Prototype Pollution in @hapi/hoek
Low
GHSA-22h7-7wwg-qmgg
was published
for
@hapi/hoek
(npm)
Sep 4, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Low
GHSA-8hxh-r6f7-jf45
was published
for
org.http4s:http4s-async-http-client_2.12
(Maven)
Oct 16, 2020
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Low
CVE-2021-21330
was published
for
aiohttp
(pip)
Feb 26, 2021
User content sandbox can be confused into opening arbitrary documents
Low
CVE-2021-21320
was published
for
matrix-react-sdk
(npm)
Mar 3, 2021
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Low
CVE-2021-21337
was published
for
Products.PluggableAuthService
(pip)
Mar 8, 2021
CSRF Vuln can expose user's QRcode
Low
GHSA-fxq4-r6mr-9x64
was published
for
Flask-Security-Too
(pip)
Apr 8, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
OOB read in `MatrixTriangularSolve`
Low
CVE-2021-29551
was published
for
tensorflow
(pip)
May 21, 2021
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
ProTip!
Advisories are also available from the
GraphQL API