GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Moderate
CVE-2022-27817
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Low
CVE-2022-27814
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Improper Control of a Resource Through its Lifetime in Mattermost
Moderate
CVE-2022-1385
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate
CVE-2022-24823
was published
for
io.netty:netty-codec-http
(Maven)
May 10, 2022
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
High
CVE-2021-22044
was published
for
org.springframework.cloud:spring-cloud-openfeign-core
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
Exposure of Resource to Wrong Sphere in Spring Data REST
Moderate
CVE-2021-22047
was published
for
org.springframework.data:spring-data-rest-core
(Maven)
May 24, 2022
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Low
CVE-2022-29247
was published
for
electron
(npm)
Jun 16, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Insecure temporary file usage in SWHKD
Critical
CVE-2022-27818
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API