Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints Moderate
CVE-2021-21393 was published for matrix-synapse (pip) Apr 13, 2021
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints Moderate
CVE-2021-21394 was published for matrix-synapse (pip) Apr 13, 2021
Improper Input Validation in network-manager Critical
CVE-2019-10786 was published for network-manager (npm) Apr 13, 2021
Code injection in port-killer High
CVE-2021-23359 was published for port-killer (npm) Apr 13, 2021
Improper Input Validation in SocksJS-Node Moderate
CVE-2020-7693 was published for sockjs (npm) Apr 13, 2021
Remote code execution in mongo-express Critical
CVE-2020-24391 was published for mongodb-query-parser (npm) Apr 13, 2021
Improper Input Validation in klona High
CVE-2020-8125 was published for klona (npm) Apr 13, 2021
Improper parsing of octal bytes in netmask Critical
CVE-2021-28918 was published for netmask (npm) Apr 14, 2021
Sydent DoS (via resource exhaustion) due to improper input validation Moderate
CVE-2021-29433 was published for matrix-sydent (pip) Apr 16, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
GHSA-82mf-mmh7-hxp5 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Directory traversal in development mode handler in Vaadin 14 and 15-17 Moderate
CVE-2020-36321 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Sydent vulnerable to denial of service attack via memory exhaustion High
CVE-2021-29430 was published for matrix-sydent (pip) Apr 19, 2021
SSRF in Sydent due to missing validation of hostnames Moderate
CVE-2021-29431 was published for matrix-sydent (pip) Apr 19, 2021
Malicious users could abuse Sydent to control the content of invitation emails Moderate
CVE-2021-29432 was published for matrix-sydent (pip) Apr 19, 2021
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption Low
GHSA-375m-5fvv-xq23 was published for vyper (pip) Apr 19, 2021
Improper Input Validation in PyYAML Critical
CVE-2020-1747 was published for pyyaml (pip) Apr 20, 2021
tdunlap607 amita-seal
Credited to tdunlap607 and amita-seal
OS Command Injection and Improper Input Validation in ansible High
CVE-2019-14904 was published for ansible (pip) Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Path Traversal and Improper Input Validation in Apache Commons IO Moderate
CVE-2021-29425 was published for com.cosium.vet:vet (Maven) Apr 26, 2021
wtwhite jensdietrich
Credited to wtwhite and jensdietrich
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
cumulative-distribution-function Infinite Loop vulnerability High
CVE-2021-29486 was published for cumulative-distribution-function (npm) May 4, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
tdunlap607
Credited to tdunlap607
Improper Input Validation in sanitize-html Moderate
CVE-2021-26540 was published for sanitize-html (npm) May 6, 2021
Validation bypass in jpv Critical
CVE-2020-17479 was published for jpv (npm) May 6, 2021
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database