GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
ActiveRecord in Ruby on Rails allows database-query bypass
High
CVE-2016-6317
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Active Record subject to strong parameters protection bypass
High
CVE-2014-3514
was published
for
activerecord
(RubyGems)
Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
High
CVE-2014-9489
was published
for
gollum
(RubyGems)
Nov 16, 2017
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
High
CVE-2016-4464
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
rendertron can remotely shut down Chrome instance
High
CVE-2017-18353
was published
for
rendertron
(npm)
Jan 4, 2019
Sails before 0.12.7 vulnerable to Broken CORS
High
CVE-2016-10549
was published
for
sails
(npm)
Feb 18, 2019
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Improper Access Control in novajoin
High
CVE-2019-10138
was published
for
novajoin
(pip)
Mar 12, 2020
Improper Access Control in moodle
High
CVE-2020-25698
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Improper Access Control in Apache Airflow
High
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Improper Input Validation in sopel-plugins.channelmgnt
High
CVE-2021-21431
was published
for
sopel-plugins.channelmgnt
(pip)
Apr 9, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
High
GHSA-2c64-vj8g-vwrq
was published
for
github.com/nats-io/jwt
(Go)
May 21, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
Incorrect Authorization in calibreweb
High
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Drupal core access bypass vulnerability
High
CVE-2020-13677
was published
for
drupal/core
(Composer)
Feb 12, 2022
Istio may not check inbound TCP connections against istio-policy
High
CVE-2019-12243
was published
for
istio.io/istio
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API