Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,524
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator Critical
CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) May 11, 2021
JLLeitschuh
Remote code execution in dask Critical
CVE-2021-42343 was published for distributed (pip) Oct 27, 2021
Exposure of sensitive information in Apache Ozone Critical
CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44524 was published Dec 15, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44523 was published Dec 15, 2021
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search Critical
CVE-2021-23264 was published for org.craftercms:crafter-search (Maven) Dec 16, 2021
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g.... Critical Unreviewed
CVE-2021-44676 was published Dec 21, 2021
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of... Critical Unreviewed
CVE-2021-44525 was published Dec 21, 2021
Exposure of Resource to Wrong Sphere in Zip-Local Critical
CVE-2021-23484 was published for zip-local (npm) Feb 1, 2022
NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can... Critical Unreviewed
CVE-2022-21817 was published Feb 8, 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct... Critical Unreviewed
CVE-2021-42640 was published Feb 9, 2022
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator... Critical Unreviewed
CVE-2022-25236 was published Feb 17, 2022
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when... Critical Unreviewed
CVE-2022-25643 was published Feb 25, 2022
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the... Critical Unreviewed
CVE-2022-25010 was published Mar 3, 2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any... Critical Unreviewed
CVE-2022-24074 was published Mar 18, 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not... Critical Unreviewed
CVE-2022-27919 was published Mar 26, 2022
Insecure temporary file usage in SWHKD Critical
CVE-2022-27818 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
Mondo 2.24 has insecure handling of temporary files. Critical Unreviewed
CVE-2007-3915 was published Apr 21, 2022
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log... Critical Unreviewed
CVE-2022-27332 was published Apr 28, 2022
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead... Critical Unreviewed
CVE-2021-42001 was published May 3, 2022
ProTip! Advisories are also available from the GraphQL API