Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29445 was published May 19, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed
CVE-2021-37214 was published May 24, 2022
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and... High Unreviewed
CVE-2018-12020 was published May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly... High Unreviewed
CVE-2019-0571 was published May 13, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code... High Unreviewed
CVE-2019-9616 was published May 13, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10... High Unreviewed
CVE-2020-15505 was published May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles... High Unreviewed
CVE-2020-12279 was published May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles... High Unreviewed
CVE-2020-12278 was published May 24, 2022
Unaligned references in Obstack High
CVE-2020-35894 was published for obstack (Rust) Aug 25, 2021
Directus has MySQL accent insensitive email matching High
CVE-2024-27295 was published for directus (npm) Mar 1, 2024
c53julian
Docassemble unauthorized access through URL manipulation High
CVE-2024-27292 was published for docassemble.base (pip) Feb 29, 2024
richighimi
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,... High Unreviewed
CVE-2021-22924 was published May 24, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when... High Unreviewed
CVE-2022-27778 was published Jun 3, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This... High Unreviewed
CVE-2019-17575 was published May 24, 2022
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-42125 was published May 3, 2024
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
Nuxt vulnerable to remote code execution via the browser when running the test locally High
CVE-2024-34344 was published for nuxt (npm) Aug 5, 2024
Ry0taK
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar thenameisajay
dloetzke
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all... High Unreviewed
CVE-2024-4887 was published Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database