GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
High
CVE-2021-22044
was published
for
org.springframework.cloud:spring-cloud-openfeign-core
(Maven)
May 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Arbitrary code execution in Apache Druid
High
CVE-2021-26919
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Arbitrary filesystem write access from velocity.
High
CVE-2022-24897
was published
for
org.xwiki.commons:xwiki-commons-velocity
(Maven)
Apr 28, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct
High
CVE-2022-35936
was published
for
github.com/Kava-Labs/kava
(Go)
Aug 18, 2022
TaffyDB can allow access to any data items in the DB
High
CVE-2019-10790
was published
for
taffy
(npm)
Feb 19, 2020
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
High
CVE-2022-21724
was published
for
org.postgresql:postgresql
(Maven)
Feb 2, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Exposure of Resource to Wrong Sphere in LibreNMS
High
CVE-2020-15877
was published
for
librenms/librenms
(Composer)
Sep 8, 2021
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
ecdh vulnerable to Exposure of Resource to Wrong Sphere
High
CVE-2022-44310
was published
for
ecdh
(npm)
Feb 24, 2023
Cronos vulnerable to DoS through unintended Contract Selfdestruct
High
GHSA-gwj5-wp6r-5q9f
was published
for
github.com/crypto-org-chain/cronos
(Go)
Aug 11, 2022
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High
CVE-2023-29208
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
Abomonation transmutes &T to and from &[u8] without sufficient constraints
High
CVE-2021-45708
was published
for
abomonation
(Rust)
Jan 6, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
xdlocalstorage does not verify request origin
High
CVE-2020-11610
was published
for
xdlocalstorage
(npm)
May 24, 2022
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Rancher Privilege Escalation Vulnerability
High
CVE-2019-12274
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API