GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Moderate
CVE-2024-7625
was published
for
github.com/hashicorp/nomad
(Go)
Aug 15, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
Micronaut management endpoints vulnerable to drive-by localhost attack
Moderate
CVE-2024-23639
was published
for
io.micronaut:micronaut-http-server
(Maven)
Feb 9, 2024
in-toto vulnerable to Configuration Read From Local Directory
Moderate
CVE-2023-32076
was published
for
in-toto
(pip)
May 11, 2023
Moodle External Control of File Name or Path vulnerability
Moderate
CVE-2023-30943
was published
for
moodle/moodle
(Composer)
May 2, 2023
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Shopware XXE Vulnerability
Moderate
CVE-2017-18357
was published
for
shopware/shopware
(Composer)
May 14, 2022
Confused Deputy in Kubernetes
Moderate
CVE-2020-8561
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Moderate
CVE-2020-5412
was published
for
org.springframework.cloud:spring-cloud-netflix
(Maven)
Apr 30, 2021
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API