GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
814 advisories
Filter by severity
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR...
Critical
Unreviewed
CVE-2021-42783
was published
Nov 24, 2021
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
Missing Authentication for Critical Function
Moderate
CVE-2021-32709
was published
for
shopware/platform
(Composer)
Jun 29, 2021
Creation of order credits was not validated by acl in admin orders
Low
GHSA-g7w8-pp9w-7p32
was published
for
shopware/core
(Composer)
Jun 28, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Moderate
CVE-2021-32659
was published
for
matrix-appservice-bridge
(npm)
Jun 21, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Authentication bypass for specific endpoint
High
CVE-2021-29442
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Keycloak Missing authentication for critical function
Moderate
CVE-2021-20262
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 12, 2021
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
ProTip!
Advisories are also available from the
GraphQL API