Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Path traversal in ServiceCenter High
CVE-2021-21501 was published for github.com/apache/servicecomb-service-center (Go) Sep 1, 2021
tdunlap607
Concrete CMS vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-43692 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
ZK Framework vulnerable to malicious POST High
CVE-2022-36537 was published for org.zkoss.zk:zk (Maven) Aug 27, 2022
tdunlap607
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie tdunlap607
Missing Release of Memory after Effective Lifetime in Apache Tika Moderate
CVE-2020-9489 was published for org.apache.tika:tika (Maven) May 7, 2021
tdunlap607
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 Moderate
CVE-2021-33605 was published for com.vaadin:vaadin-checkbox-flow (Maven) Aug 30, 2021
tdunlap607
Data races in im Moderate
CVE-2020-36204 was published for im (Rust) Aug 25, 2021
bartschuller tdunlap607
Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
tdunlap607
Cross-Site Scripting in @ckeditor/ckeditor5-link Moderate
CVE-2018-11093 was published for @ckeditor/ckeditor5-link (npm) May 23, 2018
tdunlap607
Login timing attack in ezsystems/ezpublish-kernel Critical
GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) Jun 2, 2022
tdunlap607
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Command Injection in local-devices High
GHSA-w725-67p7-xv22 was published for local-devices (npm) Sep 3, 2020
tdunlap607
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
tdunlap607
SQL injection in blazer High
CVE-2022-29498 was published for blazer (RubyGems) Apr 22, 2022
tdunlap607
Command injection in cocoapods-downloader High
CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
tdunlap607
ReDoS vulnerability in parser_apache2 Moderate
CVE-2021-41186 was published for fluentd (RubyGems) Nov 1, 2021
tdunlap607
Improper Certificate Validation in kubeclient High
CVE-2022-0759 was published for kubeclient (RubyGems) Mar 26, 2022
tdunlap607
Deserialization of Untrusted Data in Infinispan High
CVE-2017-15089 was published for org.infinispan:infinispan-core (Maven) May 14, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database