GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Hashicorp Nomad Information Exposure Through Environmental Variables
Moderate
CVE-2019-14802
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-site Scripting in Drupal Core
Moderate
CVE-2020-13668
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-Site Request Forgery in Drupal core
Moderate
CVE-2020-13674
was published
for
drupal/core
(Composer)
Feb 12, 2022
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Improper Certificate Validation in node-sass
Moderate
CVE-2020-24025
was published
for
node-sass
(npm)
Feb 9, 2022
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Password exposure in ShenYu
High
CVE-2022-23223
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Use of Uninitialized Resource in smallvec
High
CVE-2018-25023
was published
for
smallvec
(Rust)
Jan 6, 2022
Use of Uninitialized Resource in ash.
Critical
CVE-2021-45688
was published
for
ash
(Rust)
Jan 6, 2022
Command Injection in node-windows
Critical
CVE-2021-45459
was published
for
node-windows
(npm)
Jan 5, 2022
Cross-site Scripting in Apereo CAS
Moderate
CVE-2021-42567
was published
for
org.apereo.cas:cas-server-core-web
(Maven)
Dec 10, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-fxwm-rx68-p5vx
was published
for
ezsystems/ezplatform-richtext
(Composer)
Dec 1, 2021
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
ProTip!
Advisories are also available from the
GraphQL API