Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Pomelo allows external control of critical state data Moderate
CVE-2019-18954 was published for pomelo (npm) Dec 2, 2019
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
Validation Bypass in kind-of High
CVE-2019-20149 was published for kind-of (npm) Mar 31, 2020
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Context isolation bypass in Electron Low
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
IPC messages delivered to the wrong frame in Electron Moderate
CVE-2020-26272 was published for electron (npm) Jan 28, 2021
nornagon
Local Information Disclosure Vulnerability in Netty on Unix-Like systems Moderate
CVE-2021-21290 was published for io.netty:netty (Maven) Feb 8, 2021
JLLeitschuh westonsteimel
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10685 was published for ansible (pip) Apr 7, 2021
Exposure of class information in RESTEasy Moderate
CVE-2021-20289 was published for org.jboss.resteasy:resteasy-core (Maven) Apr 7, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Exposure of Resource to Wrong Sphere in valib Moderate
CVE-2019-10805 was published for valib (npm) Apr 13, 2021
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Moderate
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Local information disclosure via system temporary directory Moderate
CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) Apr 23, 2021
JLLeitschuh
Man-in-the-middle attack in Apache Cassandra Moderate
CVE-2020-13946 was published for org.apache.cassandra:cassandra-all (Maven) May 7, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator Critical
CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) May 11, 2021
JLLeitschuh
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database