GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,428 advisories
Filter by severity
session fixation protection mechanism in cgi_process.rb in Rails
Moderate
CVE-2007-6077
was published
for
rails
(RubyGems)
Oct 24, 2017
Plone and Zope2 affected by Race Condition
High
CVE-2012-5507
was published
for
Plone
(pip)
Jul 23, 2018
private_address_check contains race condition
High
CVE-2018-3759
was published
for
private_address_check
(RubyGems)
Jul 31, 2018
Apache Tomcat Race Condition vulnerability
Moderate
CVE-2018-8037
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
Webargs mishandles concurrent JSON parsing
High
CVE-2019-9710
was published
for
webargs
(pip)
Mar 12, 2019
In RubyGem excon, interrupted Persistent Connections May Leak Response Data
Moderate
CVE-2019-16779
was published
for
excon
(RubyGems)
Dec 16, 2019
cookie-signature Timing Attack
Moderate
CVE-2016-1000236
was published
for
cookie-signature
(npm)
Jan 6, 2020
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
Moderate
GHSA-g753-jx37-7xwh
was published
for
jsrsasign
(npm)
Jun 30, 2020
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File
Low
CVE-2020-1733
was published
for
ansible
(pip)
Apr 20, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Multiple memory safety issues in actix-web
Moderate
GHSA-w65j-g6c7-g3m4
was published
for
actix-web
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API