GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
829
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,636 advisories
Filter by severity
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Missing Authorization in FastReport
Critical
CVE-2020-27998
was published
for
FastReport.OpenSource
(NuGet)
Aug 2, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12700
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12698
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TeamPass
High
CVE-2020-11671
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
Missing Authorization in jenkins xray-connector
Moderate
CVE-2021-21653
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21651
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21650
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin
Moderate
CVE-2021-21661
was published
for
org.jenkins-ci.plugins:kubernetes-cli
(Maven)
Jun 16, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
High
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
High
CVE-2020-15251
was published
for
sopel_plugins.channelmgnt
(pip)
Oct 13, 2020
Unintended read access in kramdown gem
Critical
CVE-2020-14001
was published
for
kramdown
(RubyGems)
Aug 7, 2020
ProTip!
Advisories are also available from the
GraphQL API