GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Arbitrary file read via window-open IPC in Electron
Moderate
CVE-2020-4075
was published
for
electron
(npm)
Jul 7, 2020
Broken access control on files
Moderate
CVE-2019-14273
was published
for
silverstripe/framework
(Composer)
Jul 15, 2020
Unauthorized File Access in node-git-server
High
GHSA-cv3v-7846-6pxm
was published
for
node-git-server
(npm)
Sep 3, 2020
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
Vulnerability allowing for reading internal HTTP resources
High
GHSA-hfwx-c7q6-g54c
was published
for
highcharts-export-server
(npm)
Mar 12, 2021
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Unauthorized access through URL manipulation
High
GHSA-qrmm-w4v4-q7f8
was published
for
docassemble
(pip)
May 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Insecure path handling in Bundler
High
CVE-2019-3881
was published
for
bundler
(RubyGems)
May 10, 2021
Files or Directories Accessible to External Parties in ether/logs
High
CVE-2021-32752
was published
for
ether/logs
(Composer)
Jul 12, 2021
Files or Directories Accessible to External Parties in kubernetes
High
CVE-2021-25741
was published
for
k8s.io/kubernetes
(Go)
Nov 1, 2021
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the...
Moderate
Unreviewed
CVE-2021-43772
was published
Dec 4, 2021
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows...
Low
Unreviewed
CVE-2021-25521
was published
Dec 9, 2021
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote...
Moderate
Unreviewed
CVE-2021-31850
was published
Dec 9, 2021
Files Accessible to External Parties in Opencast
Critical
CVE-2021-43821
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
Dec 14, 2021
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which...
High
Unreviewed
CVE-2021-44315
was published
Dec 17, 2021
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows...
Moderate
Unreviewed
CVE-2022-22270
was published
Jan 11, 2022
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1...
Low
Unreviewed
CVE-2022-22269
was published
Jan 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically...
Moderate
Unreviewed
CVE-2022-22268
was published
Jan 11, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1...
Low
Unreviewed
CVE-2022-22267
was published
Jan 11, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary...
High
Unreviewed
CVE-2022-0244
was published
Jan 19, 2022
ProTip!
Advisories are also available from the
GraphQL API