GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and...
High
Unreviewed
CVE-2018-12020
was published
May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly...
High
Unreviewed
CVE-2019-0571
was published
May 13, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High
Unreviewed
CVE-2019-9616
was published
May 13, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29445
was published
May 19, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This...
High
Unreviewed
CVE-2019-17575
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles...
High
Unreviewed
CVE-2020-12279
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles...
High
Unreviewed
CVE-2020-12278
was published
May 24, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10...
High
Unreviewed
CVE-2020-15505
was published
May 24, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,...
High
Unreviewed
CVE-2021-22924
was published
May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High
Unreviewed
CVE-2021-37214
was published
May 24, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when...
High
Unreviewed
CVE-2022-27778
was published
Jun 3, 2022
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
Docassemble unauthorized access through URL manipulation
High
CVE-2024-27292
was published
for
docassemble.base
(pip)
Feb 29, 2024
Directus has MySQL accent insensitive email matching
High
CVE-2024-27295
was published
for
directus
(npm)
Mar 1, 2024
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-42125
was published
May 3, 2024
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all...
High
Unreviewed
CVE-2024-4887
was published
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API