GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,969
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,323 advisories
Filter by severity
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Dolibarr CRM allows Privilege Escalation
Moderate
CVE-2020-14201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Wildfly Unsafe Deserialization Vulnerability
High
CVE-2020-10740
was published
for
org.wildfly:wildfly-parent
(Maven)
May 24, 2022
containernetworking/plugins vulnerable to MitM attacks
Moderate
CVE-2020-10749
was published
for
github.com/containernetworking/plugins
(Go)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-1073
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0969
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
Diavante vue-storefront-api and storefront-api disclose stack trace
Moderate
CVE-2020-11883
was published
for
storefront-api
(npm)
May 24, 2022
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Moderate
CVE-2023-23931
was published
for
cryptography
(pip)
Feb 7, 2023
Wallabag user can delete own API client unintentionally
Moderate
CVE-2023-4455
was published
for
wallabag/wallabag
(Composer)
Aug 21, 2023
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection
High
GHSA-f478-xwv9-p93q
was published
for
kerberos
(npm)
May 24, 2022
•
withdrawn
OpenNMS Horizon RCE via Unsafe Deserialization
High
CVE-2020-12760
was published
for
org.opennms.core:org.opennms.core.daemon
(Maven)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
High
CVE-2020-12790
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
WSO2 API Manager vulnerable to SSRF
Critical
CVE-2020-13226
was published
for
org.wso2.am:am-parent
(Maven)
May 24, 2022
Microweber allows Unrestricted File Upload
High
CVE-2020-13241
was published
for
microweber/microweber
(Composer)
May 24, 2022
Moodle vulnerable to RCE
High
CVE-2020-10738
was published
for
moodle/moodle
(Composer)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-1065
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
Remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2022-39396
was published
for
parse-server
(npm)
Nov 8, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
High
CVE-2022-41879
was published
for
parse-server
(npm)
Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
High
CVE-2022-41878
was published
for
parse-server
(npm)
Nov 9, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Moderate
CVE-2019-11255
was published
for
github.com/kubernetes-csi/external-provisioner
(Go)
May 24, 2022
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
ovirt-engine Logs Plaintext Passwords To File
Moderate
CVE-2017-15113
was published
for
org.ovirt.engine.sdk:ovirt-engine-sdk-java
(Maven)
May 13, 2022
•
withdrawn
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API