Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign High
CVE-2021-22044 was published for org.springframework.cloud:spring-cloud-openfeign-core (Maven) May 24, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot High
CVE-2022-27772 was published for org.springframework.boot:spring-boot (Maven) Jul 11, 2022
trgpa JLLeitschuh
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere High
CVE-2022-21126 was published for com.github.samtools:htsjdk (Maven) Nov 29, 2022
Undertow vulnerable to Denial of Service (DoS) attacks High
CVE-2021-3859 was published for io.undertow:undertow-core (Maven) Jul 15, 2022
ManyDesigns Portofino subject to creation of insecure temporary file High
CVE-2022-3952 was published for com.manydesigns:portofino (Maven) Nov 11, 2022
Arbitrary code execution in Apache Druid High
CVE-2021-26919 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Arbitrary filesystem write access from velocity. High
CVE-2022-24897 was published for org.xwiki.commons:xwiki-commons-velocity (Maven) Apr 28, 2022
kurt-r2c
Ethermint vulnerable to DoS through unintended Contract Selfdestruct High
CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go) Aug 18, 2022
yihuang tomtau
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes High
CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022
iSafeBlue
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
ecdh vulnerable to Exposure of Resource to Wrong Sphere High
CVE-2022-44310 was published for ecdh (npm) Feb 24, 2023
Cronos vulnerable to DoS through unintended Contract Selfdestruct High
GHSA-gwj5-wp6r-5q9f was published for github.com/crypto-org-chain/cronos (Go) Aug 11, 2022
yihuang tomtau
tdunlap607
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents High
CVE-2023-29208 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023
Abomonation transmutes &T to and from &[u8] without sufficient constraints High
CVE-2021-45708 was published for abomonation (Rust) Jan 6, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
xdlocalstorage does not verify request origin High
CVE-2020-11610 was published for xdlocalstorage (npm) May 24, 2022
Improper Privilege Management in Spring Framework High
CVE-2021-22118 was published for org.springframework:spring-web (Maven) May 24, 2022
catch22out
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database