Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

974 advisories

Exposure of sensitive information in Apache Ozone Critical
CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Apache Ozone exposes OM, SCM and Datanode metadata Moderate
CVE-2021-41532 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not... Moderate Unreviewed
CVE-2021-42744 was published Nov 20, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for distributed (pip) Oct 27, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Remote code execution in Eclipse Theia High
CVE-2021-34435 was published for @theia/mini-browser (npm) Sep 2, 2021
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
Exposed phpinfo() leadked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Geolim4
File exposure in pleaser Low
CVE-2021-31153 was published for pleaser (Rust) Aug 25, 2021
another-rex
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
The reset password form reveal users email address Moderate
CVE-2021-32731 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jul 2, 2021
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 Moderate
CVE-2021-31412 was published for com.vaadin:vaadin-bom (Maven) Jun 28, 2021
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Arbitrary code execution in Apache Druid High
CVE-2021-26919 was published for org.apache.druid:druid (Maven) Jun 16, 2021
Calipso Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2021-23391 was published for calipso (npm) Jun 8, 2021
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API