GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,977 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Critical
CVE-2019-10648
was published
for
net.sf.robocode:robocode.host
(Maven)
Apr 2, 2019
Access control bypass in Apache ZooKeeper
Moderate
CVE-2019-0201
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 29, 2019
Undertow Missing Authorization when requesting a protected directory without trailing slash
High
CVE-2019-10184
was published
for
io.undertow:undertow-servlet
(Maven)
Aug 1, 2019
Missing Authorization in Drupal
Moderate
CVE-2017-6923
was published
for
drupal/core
(Composer)
Oct 10, 2019
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
High
CVE-2020-10187
was published
for
doorkeeper
(RubyGems)
May 7, 2020
File system access via H2 in Apache Ignite
Critical
CVE-2020-1963
was published
for
org.apache.ignite:ignite-core
(Maven)
Jun 5, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
Unintended read access in kramdown gem
Critical
CVE-2020-14001
was published
for
kramdown
(RubyGems)
Aug 7, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
Moderate
CVE-2020-15251
was published
for
sopel-plugins-channelmgnt
(pip)
Oct 13, 2020
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin
Moderate
CVE-2021-21661
was published
for
org.jenkins-ci.plugins:kubernetes-cli
(Maven)
Jun 16, 2021
ProTip!
Advisories are also available from the
GraphQL API