Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,635 advisories

Loading
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Low
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager Moderate
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
Sensitive Data Exposure in loopback Low
GHSA-724c-6vrf-99rq was published for loopback (npm) Sep 2, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Tracking Module in botbait Moderate
CVE-2017-16126 was published for botbait (npm) Sep 1, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Potentially sensitive data exposure in Symfony Web Socket Bundle Moderate
GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020
phproberto
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API