GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
High
CVE-2023-33170
was published
for
Microsoft.AspNet.Identity.Owin
(NuGet)
Jul 11, 2023
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
Race Condition in Jenkins
High
CVE-2017-1000503
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat
High
CVE-2016-8745
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
High
CVE-2024-23651
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
snapd Race Condition vulnerability
High
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
Fabric vulnerable to crosslinking transaction attack
High
CVE-2023-46132
was published
for
github.com/hyperledger/fabric
(Go)
Nov 14, 2023
ZITADEL race condition in lockout policy execution
High
CVE-2023-47111
was published
for
github.com/zitadel/zitadel
(Go)
Nov 8, 2023
LXD vulnerable to Race Condition
High
CVE-2015-1340
was published
for
github.com/lxc/lxd
(Go)
May 24, 2022
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
High
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Webargs mishandles concurrent JSON parsing
High
CVE-2019-9710
was published
for
webargs
(pip)
Mar 12, 2019
private_address_check contains race condition
High
CVE-2018-3759
was published
for
private_address_check
(RubyGems)
Jul 31, 2018
Radicale is vulnerable to timing oracles and simple bruteforce attacks
High
CVE-2017-8342
was published
for
Radicale
(pip)
May 13, 2022
Phusion Passenger Race Condition Allows Privilege Escalation
High
CVE-2018-12029
was published
for
passenger
(RubyGems)
May 14, 2022
Data races in ticketed_lock
High
GHSA-gq4h-f254-7cw9
was published
for
ticketed_lock
(Rust)
Aug 25, 2021
Data races in tiny_future
High
GHSA-m296-j53x-xv95
was published
for
tiny_future
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API