Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
Active Record subject to strong parameters protection bypass High
CVE-2014-3514 was published for activerecord (RubyGems) Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2 High
CVE-2016-4464 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase High
CVE-2015-1836 was published for org.apache.hbase:hbase (Maven) Oct 18, 2018
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
Sails before 0.12.7 vulnerable to Broken CORS High
CVE-2016-10549 was published for sails (npm) Feb 18, 2019
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Go JOSE Signature Validation Bypass High
CVE-2016-9122 was published for gopkg.in/square/go-jose.v1 (Go) May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
Incorrect handling of credential expiry by /nats-io/nats-server High
GHSA-2c64-vj8g-vwrq was published for github.com/nats-io/jwt (Go) May 21, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database