Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Incorrect Authorization in keycloak Moderate
CVE-2020-1725 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes High
CVE-2022-21724 was published for org.postgresql:postgresql (Maven) Feb 2, 2022
iSafeBlue
Exposure of Resource to Wrong Sphere in Zip-Local Critical
CVE-2021-23484 was published for zip-local (npm) Feb 1, 2022
Insufficient user authorization in Moodle Moderate
CVE-2022-0334 was published for moodle/moodle (Composer) Jan 28, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Abomonation transmutes &T to and from &[u8] without sufficient constraints High
CVE-2021-45708 was published for abomonation (Rust) Jan 6, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Malicious Atomix node queries expose sensitive information Moderate
CVE-2020-35215 was published for io.atomix:atomix (Maven) Dec 17, 2021
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search Critical
CVE-2021-23264 was published for org.craftercms:crafter-search (Maven) Dec 16, 2021
Exposure of sensitive information in Apache Ozone Critical
CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Apache Ozone exposes OM, SCM and Datanode metadata Moderate
CVE-2021-41532 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for dask (pip) Oct 27, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
Exposed phpinfo() leadked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Geolim4
File exposure in pleaser Low
CVE-2021-31153 was published for pleaser (Rust) Aug 25, 2021
another-rex
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database