Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows... Low Unreviewed
CVE-2021-25521 was published Dec 9, 2021
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the... Moderate Unreviewed
CVE-2021-43772 was published Dec 4, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin Moderate
CVE-2021-21429 was published for org.openapitools:openapi-generator-maven-plugin (Maven) Apr 29, 2021
JLLeitschuh
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Vulnerability allowing for reading internal HTTP resources High
GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm) Mar 12, 2021
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh timtebeek
Unauthorized File Access in node-git-server High
GHSA-cv3v-7846-6pxm was published for node-git-server (npm) Sep 3, 2020
Broken access control on files Moderate
CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database