Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,966 advisories

Loading
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Possible pod name collisions in jupyterhub-kubespawner Moderate
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Authorization Bypass in I hate money Moderate
CVE-2020-15120 was published for ihatemoney (pip) Jul 27, 2020
zorun
Incorrect access control in typo3_forum Moderate
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
Information Disclosure in TYPO3 extension sf_event_mgt Moderate
CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020
derhansen
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilage Escalation in moodle Moderate
CVE-2020-25701 was published for moodle/moodle (Composer) Mar 29, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
Authorization Before Parsing and Canonicalization in jetty Moderate
CVE-2021-28164 was published for org.eclipse.jetty:jetty-webapp (Maven) Apr 6, 2021
charlesk40
ProTip! Advisories are also available from the GraphQL API