Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Infinite loop in Tomcat due to parsing error High
CVE-2021-41079 was published for org.apache.tomcat:tomcat (Maven) Sep 20, 2021
Improper Input Validation and Command Injection in Ansible High
CVE-2021-3583 was published for ansible (pip) Sep 23, 2021
HTTP Host Header Injection Moderate
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
bnf
Credited to bnf
Improper Input Validation in Jakarta Expression Language Moderate
CVE-2021-28170 was published for com.sun.el:el-ri (Maven) Oct 6, 2021
levpachmanov
Credited to levpachmanov
Code injection in Kubernetes Java Client Moderate
CVE-2021-25738 was published for io.kubernetes:client-java (Maven) Oct 12, 2021
Improper Input Validation in OpenCV Moderate
CVE-2016-1517 was published for opencv-contrib-python (pip) Oct 12, 2021
Validity check missing in Frontier Moderate
CVE-2021-41138 was published for pallet-ethereum (Rust) Oct 13, 2021
Denial of service in DataCommunicator class in Vaadin 8 Moderate
CVE-2021-33609 was published for com.vaadin:vaadin-server (Maven) Oct 13, 2021
SunBK201
Credited to SunBK201
Email relay in Apache Traffic Control Moderate
CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) Oct 13, 2021
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Policies not properly enforced in OWASP Java HTML Sanitizer Critical
CVE-2021-42575 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) Oct 19, 2021
Geth Node Vulnerable to DoS via maliciously crafted p2p message Moderate
CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) Oct 25, 2021
rjl493456442 holiman
Credited to rjl493456442 and holiman
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
Credited to guidovranken and arvidn
Misconfigured IP address field in ROA leads to OctoRPKI crash Moderate
CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Arbitrary filepath traversal via URI injection High
CVE-2021-3907 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
NUL character in ROA causes OctoRPKI to crash High
CVE-2021-3910 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Improper Input Validation in pip High
CVE-2021-3572 was published for pip (pip) Nov 15, 2021
Improper Input Validation in fruity High
CVE-2021-43620 was published for fruity (Rust) Nov 16, 2021
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an... High Unreviewed
CVE-2020-12961 was published Nov 17, 2021
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a... Moderate Unreviewed
CVE-2021-0158 was published Nov 18, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection... Moderate Unreviewed
CVE-2021-36322 was published Nov 21, 2021
Moodle vulnerable to RCE via unsafe deserialization Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation... High Unreviewed
CVE-2021-42733 was published Nov 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database