GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
Potential leak of authentication data to 3rd parties
Critical
CVE-2023-30846
was published
for
typed-rest-client
(npm)
Apr 27, 2023
HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
High
CVE-2023-28465
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Mar 10, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Critical
CVE-2023-24057
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Jan 23, 2023
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2022-41946
was published
for
org.postgresql:postgresql
(Maven)
Nov 23, 2022
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Moderate
CVE-2022-36007
was published
for
com.github.jlangch:venice
(Maven)
Aug 18, 2022
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Moderate
CVE-2022-37423
was published
for
org.neo4j.procedure:apoc
(Maven)
Aug 12, 2022
Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
High
CVE-2022-31159
was published
for
com.amazonaws:aws-java-sdk-s3
(Maven)
Jul 15, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Moderate
CVE-2022-26850
was published
for
org.apache.nifi:nifi-single-user-utils
(Maven)
Jun 20, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Temporary Directory Hijacking Vulnerability in Keycloak
High
CVE-2021-20202
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
Cached redirect poisoning via X-Forwarded-Host header
High
CVE-2021-29479
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Unencrypted storage of client side sessions
Moderate
CVE-2021-29481
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Remote Code Execution Vulnerability in Session Storage
Critical
CVE-2021-29485
was published
for
io.ratpack:ratpack-core
(Maven)
Jul 1, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Netflix/Priam: Temporary Directory Information Disclosure
Moderate
CVE-2021-28100
was published
for
com.netflix.priam:priam
(Maven)
Mar 30, 2021
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Low
CVE-2021-21363
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
Local Information Disclosure Vulnerability
Low
CVE-2021-21331
was published
for
com.datadoghq:datadog-api-client
(Maven)
Mar 3, 2021
ProTip!
Advisories are also available from the
GraphQL API