GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
session fixation protection mechanism in cgi_process.rb in Rails
Moderate
CVE-2007-6077
was published
for
rails
(RubyGems)
Oct 24, 2017
Apache Tomcat Race Condition vulnerability
Moderate
CVE-2018-8037
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
In RubyGem excon, interrupted Persistent Connections May Leak Response Data
Moderate
CVE-2019-16779
was published
for
excon
(RubyGems)
Dec 16, 2019
cookie-signature Timing Attack
Moderate
CVE-2016-1000236
was published
for
cookie-signature
(npm)
Jan 6, 2020
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
Moderate
GHSA-g753-jx37-7xwh
was published
for
jsrsasign
(npm)
Jun 30, 2020
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Moderate
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Multiple memory safety issues in actix-web
Moderate
GHSA-w65j-g6c7-g3m4
was published
for
actix-web
(Rust)
Aug 25, 2021
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Moderate
CVE-2020-35886
was published
for
arr
(Rust)
Aug 25, 2021
Data races in futures-intrusive
Moderate
CVE-2020-35915
was published
for
futures-intrusive
(Rust)
Aug 25, 2021
Data races in generator
Moderate
GHSA-h6gg-fvf5-qgwf
was published
for
generator
(Rust)
Aug 25, 2021
•
withdrawn
Data races in noise_search
Moderate
CVE-2020-36461
was published
for
noise_search
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API