Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
Electron webPreferences vulnerability can be used to perform remote code execution High
CVE-2018-15685 was published for electron (npm) Aug 23, 2018
WildFly vulnerable to Insecure Default Initialization of Resource High
CVE-2022-1278 was published for org.wildfly.bom:wildfly (Maven) Sep 14, 2022
Arbitrary Code Execution in grunt High
CVE-2020-7729 was published for grunt (npm) May 6, 2021
Insecure defaults in UmbracoForms High
CVE-2020-7685 was published for UmbracoForms (NuGet) Jul 29, 2020
MTProto proxy remote code execution vulnerability High
CVE-2023-45312 was published for mtproto_proxy (Erlang) Oct 10, 2023
Apache superset missing check for default SECRET_KEY High
CVE-2023-27524 was published for apache-superset (pip) Apr 24, 2023
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
ProTip! Advisories are also available from the GraphQL API