Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

254 advisories

Loading
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
Broken access control on files Moderate
CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020
Unauthorized File Access in node-git-server High
GHSA-cv3v-7846-6pxm was published for node-git-server (npm) Sep 3, 2020
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh timtebeek
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
Vulnerability allowing for reading internal HTTP resources High
GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm) Mar 12, 2021
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin Moderate
CVE-2021-21429 was published for org.openapitools:openapi-generator-maven-plugin (Maven) Apr 29, 2021
JLLeitschuh
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the... Moderate Unreviewed
CVE-2021-43772 was published Dec 4, 2021
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows... Low Unreviewed
CVE-2021-25521 was published Dec 9, 2021
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote... Moderate Unreviewed
CVE-2021-31850 was published Dec 9, 2021
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which... High Unreviewed
CVE-2021-44315 was published Dec 17, 2021
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-22270 was published Jan 11, 2022
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22269 was published Jan 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically... Moderate Unreviewed
CVE-2022-22268 was published Jan 11, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22267 was published Jan 11, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary... High Unreviewed
CVE-2022-0244 was published Jan 19, 2022
ProTip! Advisories are also available from the GraphQL API