GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,245 advisories
Base class whitelist configuration ignored in OAuthenticator
Severity: High. CVE-2020-26250 was published for oauthenticator (pip) on Dec 1, 2020.
Local File Inclusion by unauthenticated users
Severity: High. CVE-2020-15246 was published for october/cms (Composer) on Nov 23, 2020.
Privilege escalation by backend users assigned to the default "Publisher" system role
Severity: Low. CVE-2020-15248 was published for october/backend (Composer) on Nov 23, 2020.
Authorization bypass in Spree
Severity: High. CVE-2020-26223 was published for spree_api (RubyGems) on Nov 13, 2020.
Privilege Escalation in Channelmgnt plug-in for Sopel
Severity: Moderate. CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) on Oct 13, 2020.
Android WebView Universal Cross-site Scripting
Severity: Moderate. CVE-2020-6506 was published for react-native-webview (npm) on Oct 2, 2020.
Invalid root may become trusted root in The Update Framework (TUF)
Severity: Moderate. CVE-2020-15163 was published for tuf (pip) on Sep 9, 2020.
Information Disclosure in TYPO3 extension sf_event_mgt
Severity: Moderate. CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) on Sep 2, 2020.
Incorrect access control in typo3_forum
Severity: Moderate. CVE-2020-15513 was published for mittwald/typo3_forum (Composer) on Jul 29, 2020.
Authorization Bypass in I hate money
Severity: Moderate. CVE-2020-15120 was published for ihatemoney (pip) on Jul 27, 2020.
Possible pod name collisions in jupyterhub-kubespawner
Severity: High. CVE-2020-15110 was published for jupyterhub-kubespawner (pip) on Jul 22, 2020.
GraphQL: Security breach on Viewer query
Severity: Moderate. CVE-2020-15126 was published for parse-server (npm) on Jul 22, 2020.
Authorization bypass in express-jwt
Severity: High. CVE-2020-15084 was published for express-jwt (npm) on Jun 30, 2020.
Information disclosure issue in Active Resource
Severity: High. CVE-2020-8151 was published for activeresource (RubyGems) on May 21, 2020.
Potential session hijack in Apache CXF
Severity: Critical. CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) on Nov 8, 2019.
Cleartext Transmission of Sensitive Information in Apache nifi
Severity: High. CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) on Dec 20, 2018.
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Severity: High. CVE-2018-1258 was published for org.springframework:spring-core (Maven) on Oct 17, 2018.
Paramiko Authentication Bypass vulnerability
Severity: High. CVE-2018-1000805 was published for paramiko (pip) on Oct 10, 2018.
Plone and Zope2 vulnerable to unauthorized access to restricted attributes
Severity: High. CVE-2012-5489 was published for Plone (pip) on Jul 23, 2018.
ProTip! Advisories are also available from the GraphQL API.