GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11,261 advisories

Pillow Denial of Service by Uncontrolled Resource Consumption (severity: High)
CVE-2021-27923, published for pillow (pip) on Mar 18, 2021. Credited to sunSUNQ.
Improper Input Validation (RCE) (severity: High)
CVE-2021-26814, published for wazuh (npm) on Mar 18, 2021.
Vulnerability allowing for reading internal HTTP resources (severity: High)
GHSA-hfwx-c7q6-g54c, published for highcharts-export-server (npm) on Mar 12, 2021.
Madge vulnerable to command injection (severity: High)
CVE-2021-23352, published for madge (npm) on Mar 12, 2021.
Uncontrolled Resource Consumption in Apache Thrift (severity: High)
CVE-2020-13949, published for org.apache.thrift:libthrift (Maven) on Mar 12, 2021.
jspdf vulnerable to Regular Expression Denial of Service (ReDoS) (severity: High)
CVE-2021-23353, published for jspdf (npm) on Mar 12, 2021.
/user/sessions endpoint allows detecting valid accounts (severity: High)
GHSA-7vwg-39h8-8qp8, published for ezsystems/ezplatform-rest (Composer) on Mar 11, 2021.
Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin (severity: High)
CVE-2021-21361, published for com.bmuschko:gradle-vagrant-plugin (Maven) on Mar 9, 2021. Credited to britter.
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager (severity: High)
CVE-2021-21336, published for Products.PluggableAuthService (pip) on Mar 8, 2021. Credited to chutchut.
botframework-connector vulnerable to Improper Authentication (severity: High)
GHSA-cqff-fx2x-p86v, published for botframework-connector (pip) on Mar 8, 2021.
Improper Authentication (severity: High)
GHSA-qxx8-292g-2w66, published for Microsoft.Bot.Connector (NuGet) on Mar 8, 2021.
Active Record subject to Regular Expression Denial-of-Service (ReDoS) (severity: High)
CVE-2021-22880, published for activerecord (RubyGems) on Mar 2, 2021.
Sandbox escape through template_object in smarty (severity: High)
CVE-2021-26119, published for smarty/smarty (Composer) on Mar 2, 2021. Credited to stevenseeley.
URIjs Hostname spoofing via backslashes in URL (severity: High)
CVE-2021-27516, published for urijs (npm) on Mar 1, 2021. Credited to Yaniv-git.
Denial of service in three (severity: High)
CVE-2020-28496, published for three (npm) on Mar 1, 2021.
Denial of service in prismjs (severity: High)
CVE-2021-23341, published for prismjs (npm) on Mar 1, 2021.
Prototype Pollution in Node-Red (severity: High)
CVE-2021-21297, published for @node-red/runtime (npm) on Feb 26, 2021.
Denial of Service (severity: High)
GHSA-j95h-wmx9-4279, published for sails (npm) on Feb 25, 2021. Withdrawn.
Path traversal in pimcore/pimcore (severity: High)
CVE-2021-23340, published for pimcore/pimcore (Composer) on Feb 25, 2021.
XML external entity (XXE) vulnerability (severity: High)
GHSA-c8m9-mh38-97p9, published for org.jpmml:pmml-model (Maven) on Feb 24, 2021. Withdrawn.
Elliptic Curve Key Disclosure (severity: High)
GHSA-h6wq-jw7q-grxv, published for org.bitbucket.b_c:jose4j (Maven) on Feb 24, 2021. Withdrawn.
Directory Traversal (severity: High)
GHSA-f6gj-7592-5jxm, published for node-simple-router (npm) on Feb 23, 2021. Withdrawn.
Directory Traversal (severity: High)
GHSA-26hg-crh6-mjrw, published for list-n-stream (npm) on Feb 23, 2021. Withdrawn.
Path traversal in bolt/core (severity: High)
CVE-2021-27367, published for bolt/core (Composer) on Feb 18, 2021.
XML External Entity (XXE) Injection in Jackson Databind (severity: High)
CVE-2020-25649, published for com.fasterxml.jackson.core:jackson-databind (Maven) on Feb 18, 2021. Credited to yair-apiiro and sunSUNQ.