GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9,962 advisories
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate
CVE-2021-3602
was published
for
github.com/containers/buildah
(Go)
Jul 19, 2021
Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate
CVE-2021-34429
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Jul 19, 2021
List of order ids, number, items total and token value exposed for unauthorized uses via new API
Moderate
CVE-2021-32720
was published
for
sylius/sylius
(Composer)
Jun 29, 2021
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Moderate
CVE-2021-28169
was published
for
org.eclipse.jetty:jetty-servlets
(Maven)
Jun 10, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API