GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
22
Go
2,166
Maven
5,000+
npm
3,829
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+
4,013 advisories
Filter by severity
Authentication bypass for viewing and deletions of snapshots
High
CVE-2021-39226
was published
for
github.com/grafana/grafana
(Go)
Oct 5, 2021
Improper Authorization in Google OAuth Client
High
CVE-2020-7692
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Sep 28, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Missing Authorization in FastReport
Critical
CVE-2020-27998
was published
for
FastReport.OpenSource
(NuGet)
Aug 2, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12700
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12698
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TeamPass
High
CVE-2020-11671
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
Missing Authorization in jenkins xray-connector
Moderate
CVE-2021-21653
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21651
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21650
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin
Moderate
CVE-2021-21661
was published
for
org.jenkins-ci.plugins:kubernetes-cli
(Maven)
Jun 16, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
ProTip!
Advisories are also available from the
GraphQL API