GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,154 advisories

Segfault on strings tensors with mismatched dimensions, due to Go code Moderate
CVE-2021-37692 was published for tensorflow (pip) Aug 25, 2021
Workflow re-write vulnerability using input parameter Moderate
CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 9, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 Moderate
CVE-2021-31412 was published for com.vaadin:vaadin-bom (Maven) Jun 28, 2021
Improper input validation in CNCF Cortex Moderate
CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) Jun 23, 2021
Form validation can be skipped Moderate
CVE-2021-32697 was published for neos/form (Composer) Jun 22, 2021
anianweber
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
Improper Input Validation in Hibernate Validator Moderate
CVE-2020-10693 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 4, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
CVE-2021-32635 was published for github.com/sylabs/singularity (Go) Jun 1, 2021
EmmEff
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses Moderate
CVE-2020-15233 was published for github.com/ory/fosite (Go) May 24, 2021
mitar aeneasr
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
Improper Input Validation in HashiCorp Consul Moderate
CVE-2020-13170 was published for github.com/hashicorp/consul (Go) May 18, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
Improper Input Validation in Google Closure Library Moderate
CVE-2020-8910 was published for google-closure-library (npm) May 7, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26540 was published for sanitize-html (npm) May 6, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
Path Traversal and Improper Input Validation in Apache Commons IO Moderate
CVE-2021-29425 was published for com.cosium.vet:vet (Maven) Apr 26, 2021
wtwhite jensdietrich
Malicious users could abuse Sydent to control the content of invitation emails Moderate
CVE-2021-29432 was published for matrix-sydent (pip) Apr 19, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
CVE-2020-36321 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Sydent DoS (via resource exhaustion) due to improper input validation Moderate
CVE-2021-29433 was published for matrix-sydent (pip) Apr 16, 2021
Improper Input Validation in SocksJS-Node Moderate
CVE-2020-7693 was published for sockjs (npm) Apr 13, 2021
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints Moderate
CVE-2021-21394 was published for matrix-synapse (pip) Apr 13, 2021
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API