Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,418 advisories

Loading
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
Tryton Improper Access Control Moderate
CVE-2019-10868 was published for trytond (pip) Apr 10, 2019
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
Undertow Missing Authorization when requesting a protected directory without trailing slash High
CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven) Aug 1, 2019
Missing Authorization in Drupal Moderate
CVE-2017-6923 was published for drupal/core (Composer) Oct 10, 2019
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
stefansundin nbulaj
File system access via H2 in Apache Ignite Critical
CVE-2020-1963 was published for org.apache.ignite:ignite-core (Maven) Jun 5, 2020
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
Unintended read access in kramdown gem Critical
CVE-2020-14001 was published for kramdown (RubyGems) Aug 7, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Moderate
CVE-2020-15247 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-w736-hf9p-qqh3 was published for com.amazonaws:aws-dynamodb-encryption-java (Maven) Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Generation of fake documents via public GET-call Low
GHSA-jvg4-9rc2-wvcr was published for shopware/platform (Composer) Feb 10, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible High
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape Moderate
CVE-2021-21264 was published for october/cms (Composer) May 4, 2021
Authorization bypass in Strapi Critical
CVE-2020-27664 was published for strapi (npm) May 10, 2021
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor Moderate
CVE-2020-13794 was published for github.com/goharbor/harbor (Go) May 24, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin Moderate
CVE-2021-21661 was published for org.jenkins-ci.plugins:kubernetes-cli (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API