GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
981 advisories
Filter by severity
The reset password form reveal users email address
Moderate
CVE-2021-32731
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Jul 2, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Moderate
CVE-2021-31412
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Arbitrary code execution in Apache Druid
High
CVE-2021-26919
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Man-in-the-middle attack in Apache Cassandra
Moderate
CVE-2020-13946
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 7, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Moderate
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Exposure of Resource to Wrong Sphere in valib
Moderate
CVE-2019-10805
was published
for
valib
(npm)
Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Exposure of class information in RESTEasy
Moderate
CVE-2021-20289
was published
for
org.jboss.resteasy:resteasy-core
(Maven)
Apr 7, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate
CVE-2020-10685
was published
for
ansible
(pip)
Apr 7, 2021
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Moderate
CVE-2021-21290
was published
for
io.netty:netty
(Maven)
Feb 8, 2021
IPC messages delivered to the wrong frame in Electron
Moderate
CVE-2020-26272
was published
for
electron
(npm)
Jan 28, 2021
user-readable api tokens in systemd units for JupyterHub
High
CVE-2020-26261
was published
for
jupyterhub-systemdspawner
(pip)
Dec 9, 2020
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
Sensitive Data Exposure in Apache Ant
Moderate
CVE-2020-1945
was published
for
org.apache.ant:ant
(Maven)
Sep 14, 2020
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
ProTip!
Advisories are also available from the
GraphQL API