Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,041 advisories

Loading
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Information Disclosure in TYPO3 extension sf_event_mgt Moderate
CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020
derhansen
Incorrect access control in typo3_forum Moderate
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
Authorization Bypass in I hate money Moderate
CVE-2020-15120 was published for ihatemoney (pip) Jul 27, 2020
zorun
Possible pod name collisions in jupyterhub-kubespawner Moderate
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API