Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

688 advisories

Loading
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference... Moderate Unreviewed
CVE-2021-36329 was published Dec 1, 2021
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database