GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
288 advisories

TaffyDB can allow access to any data items in the DB
High. CVE-2019-10790 was published for taffy (npm) on Feb 19, 2020.

user-readable api tokens in systemd units for JupyterHub
High. CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) on Dec 9, 2020.

OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High. CVE-2021-31407 was published for com.vaadin:flow-server (Maven) on Apr 19, 2021.

Insecure permissions on build temporary rootfs in Singularity
High. CVE-2020-25040 was published for github.com/sylabs/singularity (Go) on May 24, 2021.

Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High. CVE-2021-23391 was published for calipso (npm) on Jun 8, 2021.

Arbitrary code execution in Apache Druid
High. CVE-2021-26919 was published for org.apache.druid:druid (Maven) on Jun 16, 2021.

Remote code execution in Eclipse Theia
High. CVE-2021-34435 was published for @theia/mini-browser (npm) on Sep 2, 2021.

Exposure of Resource to Wrong Sphere in LibreNMS
High. CVE-2020-15877 was published for librenms/librenms (Composer) on Sep 8, 2021.

Elvish vulnerable to remote code execution via the web UI backend
High. CVE-2021-41088 was published for github.com/elves/elvish (Go) on Sep 23, 2021.

Exposure of Resource to Wrong Sphere in salt
High. CVE-2021-21996 was published for salt (pip) on Nov 21, 2021.

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS,...
High, Unreviewed. CVE-2021-34424 was published on Nov 25, 2021.

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user....
High, Unreviewed. CVE-2021-36917 was published on Nov 25, 2021.

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts...
High, Unreviewed. CVE-2021-23263 was published on Dec 3, 2021.

Successful exploitation of this vulnerability could allow an unauthorized user to access...
High, Unreviewed. CVE-2021-36198 was published on Dec 7, 2021.

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before...
High, Unreviewed. CVE-2021-40288 was published on Dec 8, 2021.

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using...
High, Unreviewed. CVE-2021-20373 was published on Dec 10, 2021.

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary...
High, Unreviewed. CVE-2021-41065 was published on Dec 15, 2021.

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated...
High, Unreviewed. CVE-2021-44522 was published on Dec 15, 2021.

Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A
High, Unreviewed. CVE-2021-39646 was published on Dec 16, 2021.

Product: Android. Versions: Android kernel. Android ID: A-195580473. References: N/A
High, Unreviewed. CVE-2021-1045 was published on Dec 16, 2021.

Microsoft Defender for IoT Information Disclosure Vulnerability
High, Unreviewed. CVE-2021-43888 was published on Dec 16, 2021.

Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE...
High, Unreviewed. CVE-2021-43222 was published on Dec 16, 2021.

An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2....
High, Unreviewed. CVE-2021-45101 was published on Dec 17, 2021.

ProTip! Advisories are also available from the GraphQL API