Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

734 advisories

Loading
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Improper Input Validation in Laravel High
CVE-2020-24941 was published for laravel/framework (Composer) May 6, 2021
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced High
GHSA-j756-f273-xhp4 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
Incorrect Authorization in ORY Oathkeeper High
CVE-2021-32701 was published for github.com/ory/oathkeeper (Go) Jun 24, 2021
Resource Exhaustion in Spring Security High
CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Incorrect Authorization with specially crafted requests High
CVE-2021-39206 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Improper Authorization in Google OAuth Client High
CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven) Sep 28, 2021
Cobbler before 3.3.0 allows authorization bypass for modification of settings. High
CVE-2021-40325 was published for cobbler (pip) Oct 5, 2021
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API