Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

838 advisories

Loading
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
usememos/memos vulnerable to improper access control Moderate
CVE-2022-4685 was published for github.com/usememos/memos (Go) Dec 23, 2022
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on... Moderate Unreviewed
CVE-2015-5746 was published May 17, 2022
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. Moderate Unreviewed
CVE-2022-0405 was published Apr 4, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent... Moderate Unreviewed
CVE-2021-1515 was published May 24, 2022
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials.... Moderate Unreviewed
CVE-2020-25634 was published May 24, 2022
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1... Moderate Unreviewed
CVE-2022-29417 was published Apr 26, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when... Moderate Unreviewed
CVE-2020-27831 was published May 24, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Access Control in Telerik Extensions Moderate
CVE-2018-17060 was published for TelerikMvcExtensions (NuGet) May 13, 2022
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated,... Moderate Unreviewed
CVE-2021-1449 was published May 24, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with... Moderate Unreviewed
CVE-2021-24845 was published Dec 14, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and... Moderate Unreviewed
CVE-2015-3152 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API