GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607,...
Moderate
Unreviewed
CVE-2017-8493
was published
May 13, 2022
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly...
Moderate
Unreviewed
CVE-2018-8337
was published
May 13, 2022
Etherpad Lite before 1.6.4 is exploitable for admin access.
Critical
Unreviewed
CVE-2018-9845
was published
May 13, 2022
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and...
High
Unreviewed
CVE-2020-12812
was published
May 24, 2022
Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.
Moderate
Unreviewed
CVE-2021-28323
was published
May 24, 2022
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files,...
High
Unreviewed
CVE-2021-24347
was published
May 24, 2022
Privilege escalation in MOSN
Critical
CVE-2021-32163
was published
for
mosn.io/mosn
(Go)
Feb 17, 2023
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows...
Critical
Unreviewed
CVE-2022-29604
was published
Apr 20, 2023
Arbitrary File Overwrite in Eclipse JGit
High
CVE-2023-4759
was published
for
org.eclipse.jgit:org.eclipse.jgit
(Maven)
Sep 18, 2023
Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows...
Critical
Unreviewed
CVE-2023-3545
was published
Nov 28, 2023
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
High
CVE-2024-23331
was published
for
vite
(npm)
Jan 19, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not...
Critical
Unreviewed
CVE-2024-5699
was published
Jun 11, 2024
Spring Framework DataBinder Case Sensitive Match Exception
Moderate
CVE-2024-38820
was published
for
org.springframework:spring-context
(Maven)
Oct 18, 2024
Spring LDAP data exposure vulnerability
Moderate
CVE-2024-38829
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
Dec 4, 2024
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
ProTip!
Advisories are also available from the
GraphQL API