GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Insecure temporary file usage in SWHKD
Critical
CVE-2022-27818
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search
Critical
CVE-2021-23264
was published
for
org.craftercms:crafter-search
(Maven)
Dec 16, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
globalpom-utils has Insecure Temporary File
Critical
CVE-2018-25068
was published
for
com.anrisoftware.globalpom:globalpomutils
(Maven)
Jan 6, 2023
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Exposure of Resource to Wrong Sphere in Zip-Local
Critical
CVE-2021-23484
was published
for
zip-local
(npm)
Feb 1, 2022
CodenameOne Pending Intent vulnerability
Critical
CVE-2022-4903
was published
for
com.codenameone:codenameone-core
(Maven)
Feb 10, 2023
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Workers for local Dask clusters mistakenly listened on public interfaces
Critical
GHSA-hwqr-f3v9-hwxr
was published
for
distributed
(pip)
Jul 15, 2022
python-docutils allows insecure usage of temporary files
Critical
CVE-2009-5042
was published
for
docutils
(pip)
Mar 13, 2020
ProTip!
Advisories are also available from the
GraphQL API