GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
196 advisories
Filter by severity
GraphQL: Security breach on Viewer query
Moderate
CVE-2020-15126
was published
for
parse-server
(npm)
Jul 22, 2020
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Android WebView Universal Cross-site Scripting
Moderate
CVE-2020-6506
was published
for
react-native-webview
(npm)
Oct 2, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
Moderate
CVE-2020-15251
was published
for
sopel-plugins-channelmgnt
(pip)
Oct 13, 2020
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-22134
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Privilage Escalation in moodle
Moderate
CVE-2020-25701
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Moodle allowed some users without permission to view other users' full names
Moderate
CVE-2021-20281
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Authorization Before Parsing and Canonicalization in jetty
Moderate
CVE-2021-28164
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Apr 6, 2021
Incorrect Authorization in Spring Cloud Netflix Zuul
Moderate
CVE-2021-22113
was published
for
org.springframework.cloud:spring-cloud-netflix-zuul
(Maven)
May 10, 2021
Broken Authentication in Atlassian Connect Spring Boot
Moderate
CVE-2021-26074
was published
for
com.atlassian.connect:atlassian-connect-spring-boot-starter
(Maven)
May 10, 2021
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Moderate
CVE-2021-28681
was published
for
github.com/pion/webrtc/v3
(Go)
May 25, 2021
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Improper Input Validation
Moderate
CVE-2021-3499
was published
for
github.com/ovn-org/ovn-kubernetes
(Go)
Jun 8, 2021
Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate
CVE-2021-34429
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Jul 19, 2021
Incorrect Authorization in TYPO3 extension
Moderate
CVE-2020-25025
was published
for
localizationteam/l10nmgr
(Composer)
Jul 26, 2021
Incorrect Authorization in HashiCorp Consul
Moderate
CVE-2020-7955
was published
for
github.com/hashicorp/consul
(Go)
Jul 28, 2021
Improper Access Control in Dolibarr
Moderate
CVE-2021-25954
was published
for
dolibarr/dolibarr
(Composer)
Aug 11, 2021
Druid ingestion system Authenticated users can read data from other sources than intended
Moderate
CVE-2021-26920
was published
for
org.apache.druid:druid-core
(Maven)
Aug 13, 2021
parse-server new anonymous user session acts as if it's created with password
Moderate
CVE-2021-39138
was published
for
parse-server
(npm)
Aug 23, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
ProTip!
Advisories are also available from the
GraphQL API