Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Remote code execution in Microsoft.WindowsDesktop.App.Ref High
CVE-2020-0606 was published for Microsoft.WindowsDesktop.App.Ref (NuGet) May 24, 2022
skofman1
Credited to skofman1
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
Kubernetes ingress exposes sensitive information Moderate
CVE-2018-1002104 was published for k8s.io/ingress-nginx (Go) May 24, 2022
HashBrown CMS RCE Critical
CVE-2020-6948 was published for hashbrown-cms (npm) May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access Moderate
CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
Credited to tdunlap607
Cezerin Unauthorized Acces High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
Elastic APM agent for Python client CGI proxy redirection flaw Moderate
CVE-2019-7617 was published for elastic-apm (pip) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7899 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7898 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7885 was published for magento/community-edition (Composer) May 24, 2022
mastercactapus proxyprotocol vulnerable to denial of service High
CVE-2019-14243 was published for github.com/mastercactapus/proxyprotocol (Go) May 24, 2022
Improper Input Validation in Apache Kafka High
CVE-2018-17196 was published for org.apache.kafka:kafka (Maven) May 24, 2022
Moodle Private files uploaded via incoming mail processing could bypass quota restrictions Moderate
CVE-2019-10134 was published for moodle/moodle (Composer) May 24, 2022
glot-code-runner RCE Critical
CVE-2018-15747 was published for github.com/prasmussen/glot-code-runner (Go) May 24, 2022
phpBB Denial of Service High
CVE-2019-9826 was published for phpbb/phpbb (Composer) May 24, 2022
Matrix Sydent mishandles emails Moderate
CVE-2019-11340 was published for matrix-sydent (pip) May 24, 2022
Missing validation causes `TensorSummaryV2` to crash Moderate
CVE-2022-29193 was published for tensorflow (pip) May 24, 2022
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Ansible Remote Code Execution Critical
CVE-2014-4657 was published for ansible (pip) May 17, 2022
JGit Improper Input Validation vulnerability Critical
CVE-2014-9390 was published for mercurial (Maven) May 17, 2022
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
Improper input validation in pyftpdlib Moderate
CVE-2008-7264 was published for pyftpdlib (pip) May 17, 2022
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP High
CVE-2010-3708 was published for org.drools:drools-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database