GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
High
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
Insecure temporary file in Tensorflow
High
CVE-2022-23563
was published
for
tensorflow
(pip)
Feb 9, 2022
Exposure of Resource to Wrong Sphere in salt
High
CVE-2021-21996
was published
for
salt
(pip)
Nov 21, 2021
user-readable api tokens in systemd units for JupyterHub
High
CVE-2020-26261
was published
for
jupyterhub-systemdspawner
(pip)
Dec 9, 2020
Use of insecure temporary file in Horovod
High
CVE-2022-0315
was published
for
horovod
(pip)
Mar 29, 2022
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
DIRAC: Unauthorized users can read proxy contents during generation
High
CVE-2024-29905
was published
for
DIRAC
(pip)
Apr 9, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
n8n Information Disclosure vulnerability
High
CVE-2023-27564
was published
for
n8n
(npm)
May 10, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
XWiki Platform may retrieve email addresses of all users
High
CVE-2023-34467
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Jun 20, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
High
CVE-2023-33510
was published
for
org.jeecgframework.p3:jeecg-p3-biz-chat
(Maven)
Jun 7, 2023
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
High
CVE-2023-28433
was published
for
github.com/minio/minio
(Go)
Sep 6, 2023
Hardcoded JWT Token in Lin CMS Spring Boot
High
CVE-2022-32430
was published
for
io.github.talelin:lin-cms-core
(Maven)
Jul 22, 2022
Rancher Privilege Escalation Vulnerability
High
CVE-2019-12274
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API