GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,508
Erlang: 33
GitHub Actions: 25
Go: 2,213
Maven: 5,000+
npm: 3,871
NuGet: 696
pip: 3,643
Pub: 12
RubyGems: 913
Rust: 922
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
21,996 advisories
Path Traversal in FileGator - Moderate - CVE-2022-1850 was published for filegator/filegator (Composer) on May 25, 2022
Duplicate Advisory: ReDoS via crafted JSON input in GJSON - High - CVE-2021-42248 was published for github.com/tidwall/gjson (Go) on May 25, 2022 - withdrawn
Business Logic Errors in Para - Moderate - CVE-2022-1848 was published for com.erudika:para-core (Maven) on May 25, 2022
Cross site scripting in SiteServer CMS - Moderate - CVE-2021-42656 was published for SSCMS (NuGet) on May 25, 2022
Improper user session handling in filegator - Moderate - CVE-2022-1849 was published for filegator/filegator (Composer) on May 25, 2022
Undertow Uncontrolled Resource Consumption - High - CVE-2021-3629 was published for io.undertow:undertow-core (Maven) on May 25, 2022
Wildfly-Core user account mismanagement - High - CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) on May 25, 2022
undertow Race Condition vulnerability - Moderate - CVE-2021-3597 was published for io.undertow:undertow-core (Maven) on May 25, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability - Moderate - CVE-2021-25969 was published for camaleon_cms (RubyGems) on May 24, 2022
Cross site scripting in publify - Moderate - CVE-2021-25974 was published for publify_core (RubyGems) on May 24, 2022
Apache Superset Stored XSS on Dashboard markdown - Moderate - CVE-2021-27907 was published for apache-superset (pip) on May 24, 2022
ChakraCore information disclosure vulnerability - High - CVE-2020-0813 was published for Microsoft.ChakraCore (NuGet) on May 24, 2022
Improper Certificate Validation in MongoDB - Moderate - CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) on May 24, 2022
Moodle Persistent Cross-site Scripting (XSS) - Moderate - CVE-2019-18210 was published for moodle/moodle (Composer) on May 24, 2022
Kibana Sensitive Data Disclosure - Moderate - CVE-2021-37939 was published for kibana (npm) on May 24, 2022
Apache Superset OS Command Injection - High - CVE-2020-13948 was published for apache-superset (pip) on May 24, 2022
Keycloak code execution via UMA policy abuse - High - CVE-2019-10169 was published for org.keycloak:keycloak-authz-client (Maven) on May 24, 2022
Improper Certificate Validation in Apache Netbeans - Critical - CVE-2019-17560 was published for org.codehaus.mevenide:netbeans (Maven) on May 24, 2022
Exposure of Resource to Wrong Sphere in Liferay Portal - Moderate - CVE-2021-33330 was published for com.liferay.portal:release.portal.bom (Maven) on May 24, 2022
Broken Authentication in Atlassian Connect Express - High - CVE-2021-26073 was published for atlassian-connect-express (npm) on May 24, 2022
Camaleon CMS Insufficient Session Expiration vulnerability - High - CVE-2021-25970 was published for camaleon_cms (RubyGems) on May 24, 2022
Mautic stored Cross-site Scripting (XSS) - Critical - CVE-2020-35129 was published for mautic/core (Composer) on May 24, 2022
Cross site scripting in publify - Moderate - CVE-2021-25975 was published for publify_core (RubyGems) on May 24, 2022
NuGet Package Manager Tampering Vulnerability - Moderate - CVE-2019-0976 was published for NuGet.Commands (NuGet) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.