Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

122 advisories

Loading
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
Active Record subject to strong parameters protection bypass High
CVE-2014-3514 was published for activerecord (RubyGems) Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2 High
CVE-2016-4464 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase High
CVE-2015-1836 was published for org.apache.hbase:hbase (Maven) Oct 18, 2018
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
Sails before 0.12.7 vulnerable to Broken CORS High
CVE-2016-10549 was published for sails (npm) Feb 18, 2019
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Go JOSE Signature Validation Bypass High
CVE-2016-9122 was published for gopkg.in/square/go-jose.v1 (Go) May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
Incorrect handling of credential expiry by /nats-io/nats-server High
GHSA-2c64-vj8g-vwrq was published for github.com/nats-io/jwt (Go) May 21, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API