GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+
137,175 advisories
Filter by severity
Denial of Service in node-static
Moderate
GHSA-8r4g-cg4m-x23c
was published
for
node-static
(npm)
Sep 22, 2021
use-after-free vulnerability in Rust array-queue
Moderate
CVE-2020-35900
was published
for
array-queue
(Rust)
Aug 25, 2021
Data races in unicycle
Moderate
GHSA-7mg7-m5c3-3hqj
was published
for
unicycle
(Rust)
Aug 25, 2021
•
withdrawn
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Moderate
GHSA-jh2g-xhqq-x4w9
was published
for
rcu_cell
(Rust)
Aug 25, 2021
•
withdrawn
Singleton lacks bounds on Send and Sync.
Moderate
GHSA-vj88-5667-w56p
was published
for
ruspiro-singleton
(Rust)
Aug 25, 2021
•
withdrawn
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Moderate
CVE-2020-11091
was published
for
github.com/weaveworks/weave
(Go)
May 27, 2021
Argo Server TLS requests could be forged by attacker with network access
Moderate
GHSA-6c73-2v8x-qpvm
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
GHSA-5vm8-hhgr-jcjp
was published
for
tinymce
(npm)
May 28, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Moderate
GHSA-89v2-g37m-g3ff
was published
for
aws-encryption-sdk-cli
(pip)
Jun 1, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
GHSA-hw7r-qrhp-5pff
was published
for
com.vaadin:vaadin-bom
(Maven)
Aug 30, 2021
Canceling of orders not related to the logged-in user
Moderate
GHSA-wq3r-jwrq-xg6w
was published
for
shopware/core
(Composer)
Jun 28, 2021
Internal hidden fields are visible on to many associations in admin api
Moderate
GHSA-gpmh-g94g-qrhr
was published
for
shopware/core
(Composer)
Jun 28, 2021
Assumed memory layout of std::net::SocketAddr
Moderate
GHSA-p5w9-856p-8q4g
was published
for
socket2
(Rust)
Aug 25, 2021
•
withdrawn
MvccRwLock allows data races & aliasing violations
Moderate
GHSA-mgg8-9pvp-6qcw
was published
for
noise_search
(Rust)
Aug 25, 2021
•
withdrawn
Data races in generator
Moderate
GHSA-h6gg-fvf5-qgwf
was published
for
generator
(Rust)
Aug 25, 2021
•
withdrawn
Authenticated Stored XSS in Administration
Moderate
GHSA-f6p7-8xfw-fjqq
was published
for
shopware/shopware
(Composer)
May 21, 2021
CKEditor 4 vulnerabilities in versions <4.16.1
Moderate
GHSA-cfcv-q4qq-2ph4
was published
for
pimcore/pimcore
(Composer)
Aug 23, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine
Moderate
CVE-2015-3627
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Improper Input Validation in OpenCV
Moderate
CVE-2016-1517
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Out-of-bounds Write in OpenCV
Moderate
CVE-2017-14136
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
ProTip!
Advisories are also available from the
GraphQL API