GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
High severity vulnerability that affects generator-jhipster
High
GHSA-mc84-xr9p-938r
was published
for
generator-jhipster
(npm)
Sep 23, 2019
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit
High
CVE-2019-10240
was published
for
org.eclipse.hawkbit:hawkbit-autoconfigure
(Maven)
Apr 15, 2019
Incorrect Resource Transfer Between Spheres in Grails
High
CVE-2019-12728
was published
for
org.grails:grails-core
(Maven)
May 24, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
High
CVE-2019-10248
was published
for
org.eclipse.vorto:org.eclipse.vorto.core
(Maven)
May 24, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
RuoYi vulnerable to arbitrary file download
High
CVE-2023-27025
was published
for
com.ruoyi:ruoyi
(Maven)
Apr 2, 2023
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Critical
CVE-2020-2320
was published
for
io.jenkins.plugin-management:plugin-management-parent-pom
(Maven)
May 24, 2022
Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
Moderate
CVE-2023-29401
was published
for
github.com/gin-gonic/gin
(Go)
May 12, 2023
Artifact Hub has Incorrect Docker Hub registry check
Moderate
CVE-2023-45821
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
High
CVE-2020-5398
was published
for
org.springframework:spring-webflux
(Maven)
Jan 21, 2020
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
High
CVE-2024-28850
was published
for
johnbillion/wp-crontrol
(Composer)
Mar 25, 2024
Cargo prior to Rust 1.26.0 may download the wrong dependency
High
CVE-2019-16760
was published
for
cargo
(Rust)
May 24, 2022
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API