GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,106 advisories
Filter by severity
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address...
High
Unreviewed
CVE-2021-28710
was published
Nov 22, 2021
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege...
High
Unreviewed
CVE-2021-36307
was published
Nov 21, 2021
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested...
High
Unreviewed
CVE-2021-44038
was published
Nov 20, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi...
High
Unreviewed
CVE-2021-35534
was published
Nov 19, 2021
Improper privilege management in Keycloak
High
CVE-2020-14389
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 10, 2021
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Privilege escalation in spring security
High
CVE-2021-22112
was published
for
org.springframework.security:spring-security-bom
(Maven)
May 10, 2021
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
npm Vulnerable to Global node_modules Binary Overwrite
High
CVE-2019-16777
was published
for
npm
(npm)
Dec 13, 2019
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
dwebp-bin downloads Resources over HTTP
High
CVE-2016-10633
was published
for
dwebp-bin
(npm)
Feb 18, 2019
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-image
High
CVE-2016-10616
was published
for
openframe-image
(npm)
Feb 18, 2019
Downloads Resources over HTTP in libxl
High
CVE-2016-10585
was published
for
libxl
(npm)
Feb 18, 2019
Downloads Resources over HTTP in prince
High
CVE-2016-10591
was published
for
prince
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli
High
CVE-2016-10597
was published
for
cobalt-cli
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer
High
CVE-2016-10607
was published
for
openframe-glslviewer
(npm)
Feb 18, 2019
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
ProTip!
Advisories are also available from the
GraphQL API