Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,867 advisories

Loading
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Incorrect version tags linked to external repository Critical
GHSA-593v-wcqx-hq2w was published for parse-server (npm) Sep 7, 2021
Unaligned memory access in rand_core Critical
CVE-2020-25576 was published for rand_core (Rust) Aug 25, 2021
rillian
Remote Code Execution in AjaxNetProfessional Critical
GHSA-6r7c-6w96-8pvw was published for AjaxNetProfessional (NuGet) Dec 7, 2021
h0ng10 mwulftange
Data race in internment Critical
CVE-2021-28037 was published for internment (Rust) Aug 25, 2021
NULL Pointer Dereference in cbox Critical
CVE-2020-35860 was published for cbox (Rust) Aug 25, 2021
Unsoundness in bigint Critical
CVE-2020-35880 was published for bigint (Rust) Aug 25, 2021
Double free in through Critical
CVE-2021-29940 was published for through (Rust) Aug 25, 2021
Auth bypass in SAML provider Critical
GHSA-433w-mm6h-rv9p was published for github.com/netlify/gotrue (Go) Jun 23, 2021
jupenur
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable Critical
GHSA-q4h9-46xg-m3x9 was published for @openzeppelin/contracts-upgradeable (npm) Sep 15, 2021
Critical vulnerability in log4j may affect generated PEAR projects Critical
GHSA-j7c3-96rf-jrrp was published for de.averbis.textanalysis:pear-archetype (Maven) Dec 16, 2021
Authentication Bypass by CSRF Weakness Critical
GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) Nov 18, 2021
oliverchang
Free of uninitialized memory in adtensor Critical
CVE-2021-29936 was published for adtensor (Rust) Aug 25, 2021
Out of bounds write in traitobject Critical
CVE-2020-35881 was published for traitobject (Rust) Aug 25, 2021
Remote code injection in Log4j (through pax-logging-log4j2) Critical
GHSA-xxfh-x98p-j8fr was published for org.ops4j.pax.logging:pax-logging-log4j2 (Maven) Dec 10, 2021
OS Command Injection in node-opencv Critical
CVE-2019-10061 was published for opencv (npm) Oct 12, 2021
Apache Log4j Remote Code Execution Critical
GHSA-mf4f-j588-5xm8 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
Remote Code Execution in npm-groovy-lint Critical
GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) Dec 20, 2021
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico PleaseInsertNameHere
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme Critical
GHSA-gp6j-vx54-5pmf was published for github.com/keep-network/keep-ecdsa (Go) Jan 6, 2022
Zalgo-like output that crashes the server Critical
GHSA-2w8g-m5j8-7m87 was published for @soketi/soketi (npm) Jan 12, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls Critical
CVE-2019-14537 was published for yourls/yourls (Composer) Sep 23, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database