GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,992 advisories
Filter by severity
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Missing Authorization with Default Settings in Dashboard UI
High
CVE-2021-41238
was published
for
Hangfire.Core
(NuGet)
Nov 3, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
Improper Authorization in Google OAuth Client
High
CVE-2020-7692
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Sep 28, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Missing Authorization in FastReport
Critical
CVE-2020-27998
was published
for
FastReport.OpenSource
(NuGet)
Aug 2, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12700
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12698
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TeamPass
High
CVE-2020-11671
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
Missing Authorization in jenkins xray-connector
Moderate
CVE-2021-21653
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21651
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21650
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin
Moderate
CVE-2021-21661
was published
for
org.jenkins-ci.plugins:kubernetes-cli
(Maven)
Jun 16, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
ProTip!
Advisories are also available from the
GraphQL API