GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,463 advisories
Filter by severity
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
Plaintext password leak in Apache Superset
High
CVE-2020-13952
was published
for
apache-superset
(pip)
Apr 30, 2021
.NET Core Information Disclosure
High
CVE-2018-8292
was published
for
System.Net.Http
(NuGet)
Apr 21, 2021
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler
High
CVE-2020-35681
was published
for
channels
(pip)
Mar 19, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
CVE-2018-10189
was published
for
mautic/core
(Composer)
Jan 19, 2021
Arbitrary File Read in phantom-html-to-pdf
High
CVE-2020-7763
was published
for
phantom-html-to-pdf
(npm)
Nov 6, 2020
Unauthorized File Access in atompm
High
GHSA-v86x-f47q-f7f4
was published
for
atompm
(npm)
Sep 11, 2020
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
XML External Entity Injection in XStream
High
CVE-2016-3674
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14892
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
ProTip!
Advisories are also available from the
GraphQL API