GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online...
Moderate
Unreviewed
CVE-2024-55058
was published
Dec 17, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Nuxt vulnerable to remote code execution via the browser when running the test locally
Critical
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all...
High
Unreviewed
CVE-2024-4887
was published
Jun 7, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-42125
was published
May 3, 2024
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't...
Critical
Unreviewed
CVE-2020-10574
was published
May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote...
Moderate
Unreviewed
CVE-2019-12837
was published
May 24, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This...
High
Unreviewed
CVE-2019-17575
was published
May 24, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when...
High
Unreviewed
CVE-2022-27778
was published
Jun 3, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,...
High
Unreviewed
CVE-2021-22924
was published
May 24, 2022
Docassemble unauthorized access through URL manipulation
High
CVE-2024-27292
was published
for
docassemble.base
(pip)
Feb 29, 2024
Information Disclosure in Apache Tomcat
Moderate
CVE-2021-24122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2021
Directus has MySQL accent insensitive email matching
High
CVE-2024-27295
was published
for
directus
(npm)
Mar 1, 2024
EnvoyProxy Envoy Missing HTTP URL path normalization
Critical
CVE-2019-9901
was published
for
github.com/envoyproxy/envoy
(Go)
May 24, 2022
lambdaisland/uri `authority-regex` returns the wrong authority
Moderate
CVE-2023-28628
was published
for
lambdaisland:uri
(Maven)
Mar 27, 2023
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles...
High
Unreviewed
CVE-2020-12278
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles...
High
Unreviewed
CVE-2020-12279
was published
May 24, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10...
High
Unreviewed
CVE-2020-15505
was published
May 24, 2022
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to...
Moderate
Unreviewed
CVE-2022-0855
was published
Mar 5, 2022
ProTip!
Advisories are also available from the
GraphQL API