Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Validation Bypass in kind-of High
CVE-2019-20149 was published for kind-of (npm) Mar 31, 2020
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Calipso Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2021-23391 was published for calipso (npm) Jun 8, 2021
Arbitrary code execution in Apache Druid High
CVE-2021-26919 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS,... High Unreviewed
CVE-2021-34424 was published Nov 25, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user.... High Unreviewed
CVE-2021-36917 was published Nov 25, 2021
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts... High Unreviewed
CVE-2021-23263 was published Dec 3, 2021
Successful exploitation of this vulnerability could allow an unauthorized user to access... High Unreviewed
CVE-2021-36198 was published Dec 7, 2021
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before... High Unreviewed
CVE-2021-40288 was published Dec 8, 2021
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using... High Unreviewed
CVE-2021-20373 was published Dec 10, 2021
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary... High Unreviewed
CVE-2021-41065 was published Dec 15, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... High Unreviewed
CVE-2021-44522 was published Dec 15, 2021
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A High Unreviewed
CVE-2021-39646 was published Dec 16, 2021
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A High Unreviewed
CVE-2021-1045 was published Dec 16, 2021
Microsoft Defender for IoT Information Disclosure Vulnerability High Unreviewed
CVE-2021-43888 was published Dec 16, 2021
Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE... High Unreviewed
CVE-2021-43222 was published Dec 16, 2021
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2.... High Unreviewed
CVE-2021-45101 was published Dec 17, 2021
ProTip! Advisories are also available from the GraphQL API