GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Reviewed advisories by ecosystem (5,000+ reviewed in total):

  Composer          3,653
  Erlang               29
  GitHub Actions       16
  Go                1,706
  Maven             4,938
  npm               3,471
  NuGet               603
  pip               2,985
  Pub                  10
  RubyGems            826
  Rust                772
  Swift                34

Unreviewed advisories: 5,000+

18,824 advisories
Identifier            Severity  Ecosystem  Package                                        Published     Advisory
GHSA-ppjr-267j-5p9x   Moderate  Rust       stb_image                                      Mar 20, 2023  NULL pointer dereference in `stb_image`
CVE-2021-22118        High      Maven      org.springframework:spring-web                 May 24, 2022  Improper Privilege Management in Spring Framework
CVE-2021-4241         Moderate  Composer   phpservermon/phpservermon                      Nov 16, 2022  PHPServerMon PRNG has Insufficient Entropy
CVE-2022-4722         High      pip        rdiffweb                                       Dec 27, 2022  rdiffweb vulnerable to Authentication Bypass by Primary Weakness
CVE-2021-3518         High      RubyGems   nokogiri                                       May 24, 2022  Nokogiri implements a libxml2 version vulnerable to use-after-free
CVE-2020-23811        High      Maven      com.xuxueli:xxl-job                            May 24, 2022  xxl-job sensitive data exposure
CVE-2020-25102        Moderate  Composer   silverstripe-australia/advancedreports         May 24, 2022  silverstripe-advancedreports vulnerable to XSS
CVE-2023-0105         Moderate  Maven      org.keycloak:keycloak-core                     Jul 18, 2023  Keycloak: impersonation and lockout possible through incorrect handling of email trust
GHSA-vhvq-jh34-3fc8   Moderate  Maven      org.keycloak:keycloak-core                     Jan 13, 2023  Duplicate advisory (withdrawn): Keycloak allows impersonation and lockout due to email trust not being handled correctly
CVE-2021-4287         Moderate  pip        binwalk                                        Dec 27, 2022  binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
CVE-2020-15517        Moderate  Composer   tpwd/ke_search                                 May 24, 2022  ke_search for Typo3 XSS vulnerability
CVE-2020-15015        Moderate  NuGet      GleamTech.FileUltimate                         May 24, 2022  GleamTech FileUltimate Cross-site Scripting
CVE-2020-14457        Moderate  Go         github.com/mattermost/mattermost               May 24, 2022  Mattermost Server Sensitive Data Exposure
CVE-2019-15521        Critical  Composer   spoon/library                                  May 24, 2022  Spoon Library as used in Fork CMS allows PHP object injection
CVE-2019-10665        Critical  Composer   librenms/librenms                              May 24, 2022  LibreNMS Information Disclosure
CVE-2019-16146        Moderate  Go         github.com/gophish/gophish                     May 24, 2022  Gophish XSS vulnerability
CVE-2019-7617         High      pip        elastic-apm                                    May 24, 2022  Elastic APM agent for Python client CGI proxy redirection flaw
CVE-2019-16317        High      Composer   pimcore/pimcore                                May 24, 2022  Pimcore RCE via PHAR upload
CVE-2019-12407        Moderate  Maven      org.apache.jspwiki:jspwiki-main                May 24, 2022  Cross-site Scripting in Apache JSPWiki
CVE-2019-10417        Critical  Maven      io.fabric8.pipeline:kubernetes-pipeline-steps  May 24, 2022  Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin

Note that GHSA-vhvq-jh34-3fc8 is a withdrawn duplicate of CVE-2023-0105; a withdrawn advisory must not be treated as an open finding even though it still appears in the listing.
ProTip! Advisories are also available from the GraphQL API.
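The page only points at the GraphQL API, so here is an added example (not code from GitHub's page or tooling) that looks up one advisory by GHSA ID and flattens it into a record per affected package, surfacing the withdrawn flag that matters for entries such as the duplicate Keycloak advisory above. The query uses the `securityAdvisory(ghsaId:)` field and sub-fields of the public GitHub GraphQL schema as the editor understands it; the `GITHUB_TOKEN` environment variable and the sample response are assumptions, and the sample values (version range, withdrawal date) are constructed rather than taken from the database.

```python
"""Look up a GitHub security advisory over the GraphQL API and flatten it.

Added example; not code from the GitHub Advisory Database page.
"""
import json
import os
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"

# Query against the securityAdvisory field. Field names follow the public
# GitHub GraphQL schema as the editor understands it; confirm against the
# schema explorer before relying on them.
ADVISORY_QUERY = """
query($ghsaId: String!) {
  securityAdvisory(ghsaId: $ghsaId) {
    ghsaId
    summary
    severity
    publishedAt
    withdrawnAt
    identifiers { type value }
    vulnerabilities(first: 20) {
      nodes {
        package { ecosystem name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
      }
    }
  }
}
"""


def build_request(ghsa_id, token):
    """Build the POST request for one advisory lookup.

    token: a personal access token; the API requires authentication.
    """
    body = json.dumps(
        {"query": ADVISORY_QUERY, "variables": {"ghsaId": ghsa_id}}
    ).encode()
    return urllib.request.Request(
        GRAPHQL_URL,
        data=body,
        headers={
            "Authorization": f"bearer {token}",
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )


def summarize(response):
    """Flatten a GraphQL reply into one dict per affected package.

    The withdrawn flag is surfaced because a withdrawn advisory (such as the
    duplicate Keycloak entry in the listing) must not raise an alert.
    """
    adv = response["data"]["securityAdvisory"]
    if adv is None:
        raise LookupError("no such advisory")
    cves = [i["value"] for i in adv["identifiers"] if i["type"] == "CVE"]
    rows = []
    for vuln in adv["vulnerabilities"]["nodes"]:
        patched = vuln["firstPatchedVersion"]
        rows.append(
            {
                "ghsa_id": adv["ghsaId"],
                "cve": cves[0] if cves else None,
                "severity": adv["severity"],
                "withdrawn": adv["withdrawnAt"] is not None,
                "ecosystem": vuln["package"]["ecosystem"],
                "package": vuln["package"]["name"],
                "range": vuln["vulnerableVersionRange"],
                "first_patched": patched["identifier"] if patched else None,
            }
        )
    return rows


def fetch(ghsa_id, token=None):
    """Live lookup; needs network access and GITHUB_TOKEN (assumed env var)."""
    token = token or os.environ["GITHUB_TOKEN"]
    with urllib.request.urlopen(build_request(ghsa_id, token), timeout=30) as resp:
        return summarize(json.load(resp))


# Constructed sample reply shaped like the API response for the withdrawn
# Keycloak duplicate; the version range and dates are illustrative only.
SAMPLE_RESPONSE = {
    "data": {
        "securityAdvisory": {
            "ghsaId": "GHSA-vhvq-jh34-3fc8",
            "summary": "Duplicate advisory: Keycloak email trust handling",
            "severity": "MODERATE",
            "publishedAt": "2023-01-13T00:00:00Z",
            "withdrawnAt": "2023-07-18T00:00:00Z",
            "identifiers": [{"type": "GHSA", "value": "GHSA-vhvq-jh34-3fc8"}],
            "vulnerabilities": {
                "nodes": [
                    {
                        "package": {"ecosystem": "MAVEN", "name": "org.keycloak:keycloak-core"},
                        "vulnerableVersionRange": "< 21.0.0",
                        "firstPatchedVersion": {"identifier": "21.0.0"},
                    }
                ]
            },
        }
    }
}

if __name__ == "__main__":
    for row in summarize(SAMPLE_RESPONSE):
        print(row)
```

Run it offline to see the flattened record; call `fetch("GHSA-vhvq-jh34-3fc8")` with a token in `GITHUB_TOKEN` for a live lookup. When feeding the rows into an alerting pipeline, drop any row with `withdrawn` set before comparing `range` against installed versions.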