GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
DIRAC: Unauthorized users can read proxy contents during generation
High
CVE-2024-29905
was published
for
DIRAC
(pip)
Apr 9, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
High
CVE-2023-28433
was published
for
github.com/minio/minio
(Go)
Sep 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
XWiki Platform may retrieve email addresses of all users
High
CVE-2023-34467
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Jun 20, 2023
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
High
CVE-2023-33510
was published
for
org.jeecgframework.p3:jeecg-p3-biz-chat
(Maven)
Jun 7, 2023
n8n Information Disclosure vulnerability
High
CVE-2023-27564
was published
for
n8n
(npm)
May 10, 2023
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
High
CVE-2023-29208
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 12, 2023
ecdh vulnerable to Exposure of Resource to Wrong Sphere
High
CVE-2022-44310
was published
for
ecdh
(npm)
Feb 24, 2023
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
High
CVE-2022-21126
was published
for
com.github.samtools:htsjdk
(Maven)
Nov 29, 2022
ManyDesigns Portofino subject to creation of insecure temporary file
High
CVE-2022-3952
was published
for
com.manydesigns:portofino
(Maven)
Nov 11, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct
High
CVE-2022-35936
was published
for
github.com/Kava-Labs/kava
(Go)
Aug 18, 2022
Cronos vulnerable to DoS through unintended Contract Selfdestruct
High
GHSA-gwj5-wp6r-5q9f
was published
for
github.com/crypto-org-chain/cronos
(Go)
Aug 11, 2022
Hardcoded JWT Token in Lin CMS Spring Boot
High
CVE-2022-32430
was published
for
io.github.talelin:lin-cms-core
(Maven)
Jul 22, 2022
Undertow vulnerable to Denial of Service (DoS) attacks
High
CVE-2021-3859
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
High
CVE-2022-27772
was published
for
org.springframework.boot:spring-boot
(Maven)
Jul 11, 2022
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign
High
CVE-2021-22044
was published
for
org.springframework.cloud:spring-cloud-openfeign-core
(Maven)
May 24, 2022
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
xdlocalstorage does not verify request origin
High
CVE-2020-11610
was published
for
xdlocalstorage
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API