GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,041 advisories
Filter by severity
Authorization bypass in Spree
High
CVE-2020-26223
was published
for
spree_api
(RubyGems)
Nov 13, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
High
CVE-2020-15251
was published
for
sopel_plugins.channelmgnt
(pip)
Oct 13, 2020
Android WebView Universal Cross-site Scripting
Moderate
CVE-2020-6506
was published
for
react-native-webview
(npm)
Oct 2, 2020
Invalid root may become trusted root in The Update Framework (TUF)
High
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Possible pod name collisions in jupyterhub-kubespawner
Moderate
CVE-2020-15110
was published
for
jupyterhub-kubespawner
(pip)
Jul 22, 2020
GraphQL: Security breach on Viewer query
Moderate
CVE-2020-15126
was published
for
parse-server
(npm)
Jul 22, 2020
Authorization bypass in express-jwt
High
CVE-2020-15084
was published
for
express-jwt
(npm)
Jun 30, 2020
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Potential session hijack in Apache CXF
Critical
CVE-2019-12419
was published
for
org.apache.cxf:cxf
(Maven)
Nov 8, 2019
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
High
CVE-2018-1258
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
ProTip!
Advisories are also available from the
GraphQL API