Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Validation Bypass in kind-of High
CVE-2019-20149 was published for kind-of (npm) Mar 31, 2020
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Calipso Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2021-23391 was published for calipso (npm) Jun 8, 2021
Arbitrary code execution in Apache Druid High
CVE-2021-26919 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Abomonation transmutes &T to and from &[u8] without sufficient constraints High
CVE-2021-45708 was published for abomonation (Rust) Jan 6, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes High
CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022
iSafeBlue
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework High
CVE-2022-25481 was published for topthink/framework (Composer) Mar 22, 2022
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
Arbitrary filesystem write access from velocity. High
CVE-2022-24897 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 28, 2022
kurt-r2c
Rancher Privilege Escalation Vulnerability High
CVE-2019-12274 was published for github.com/rancher/rancher (Go) May 24, 2022
xdlocalstorage does not verify request origin High
CVE-2020-11610 was published for xdlocalstorage (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database