Skip to content

GitHub Advisory Database

The latest security vulnerabilities from the world of open source software.

GitHub reviewed advisories

CC-BY-4.0 License
Select ecosystem

Select ecosystem

All reviewed
5,000+
Composer
433
Go
208
Maven
852
npm
2,119
NuGet
147
pip
801
RubyGems
420
Rust
324

5,290 advisories

Embedded malware in ua-parser-js
GHSA-pjwm-rvh2-c87w (Critical severity) was published Oct 22, 2021 ua-parser-js (npm)
Cross-site scripting vulnerability in TinyMCE
GHSA-5h9g-x5rv-25wg (Moderate severity) was published Oct 22, 2021 TinyMCE (Composer)
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
GHSA-v988-828w-xvf2 (High severity) was published Oct 22, 2021 rucio-webui (pip)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
CVE-2021-41169 (Moderate severity) was published Oct 22, 2021 sulu/sulu (Composer)
Arbitrary command execution on Windows via qutebrowserurl: URL handler
CVE-2021-41146 (High severity) was published Oct 22, 2021 qutebrowser (pip)
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
CVE-2021-41127 (High severity) was published Oct 22, 2021 rasa (pip)
Prototype Pollution in x-assign
CVE-2021-23452 (High severity) was published Oct 21, 2021 x-assign (npm)
Directory Traversal in Babel
CVE-2021-42771 (High severity) was published Oct 21, 2021 babel (pip)
forEachSeries and forEachLimit do not limit the number of requests
CVE-2021-41167 (High severity) was published Oct 21, 2021 modern-async (npm)
Cross-site Scripting in snipe-it
CVE-2021-3863 (Moderate severity) was published Oct 21, 2021 snipe/snipe-it (Composer)
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
CVE-2020-25703 (Moderate severity) was published Oct 21, 2021 moodle/moodle (Composer)
Cross-Site Request Forgery in snipe-it
CVE-2021-3858 (Moderate severity) was published Oct 21, 2021 snipe/snipe-it (Composer)
Open Redirect in firefly-iii
CVE-2021-3851 (Moderate severity) was published Oct 21, 2021 grumpydictator/firefly-iii (Composer)
Cross-site Scripting in snipe-it
CVE-2021-3879 (Moderate severity) was published Oct 21, 2021 snipe/snipe-it (Composer)
Authz Module Non-Determinism
CVE-2021-41135 (Moderate severity) was published Oct 21, 2021 github.com/cosmos/cosmos-sdk (Go)
robert-zaremba iramiller
Privilege Defined With Unsafe Actions in Keycloak
CVE-2019-10170 (High severity) was published Oct 21, 2021 org.keycloak:keycloak-core (Maven)
Improper sanitization of delegated role names
CVE-2021-41150 (High severity) was published Oct 19, 2021 tough (Rust)
Improper sanitization of target names
CVE-2021-41149 (High severity) was published Oct 19, 2021 tough (Rust)
Policies not properly enforced in OWASP Java HTML Sanitizer
CVE-2021-42575 (Moderate severity) was published Oct 19, 2021 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven)
Policies not properly enforced in bluemonday
CVE-2021-42576 (Moderate severity) was published Oct 19, 2021 github.com/microcosm-cc/bluemonday (Go)
Client metadata path-traversal
CVE-2021-41131 (High severity) was published Oct 19, 2021 tuf (pip)
jku
Arbitrary code execution due to YAML deserialization
CVE-2021-41078 (High severity) was published Oct 19, 2021 nameko (pip)
Prototype Pollution in vm2
CVE-2021-23449 (Critical severity) was published Oct 19, 2021 vm2 (npm)
Specification non-compliance in JUMPI
CVE-2021-41153 (High severity) was published Oct 19, 2021 evm (Rust)
Path Traversal in @backstage/plugin-scaffolder-backend
CVE-2021-41151 (Moderate severity) was published Oct 19, 2021 @backstage/plugin-scaffolder-backend (npm)
ProTip! Advisories are also available from the GraphQL API