GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
981 advisories
Filter by severity
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a...
Moderate
Unreviewed
CVE-2021-29719
was published
Dec 4, 2021
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts...
High
Unreviewed
CVE-2021-23263
was published
Dec 3, 2021
Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s...
Moderate
Unreviewed
CVE-2021-42116
was published
Dec 1, 2021
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message...
Moderate
Unreviewed
CVE-2021-44225
was published
Nov 27, 2021
Azure Active Directory Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2021-42306
was published
Nov 25, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user....
High
Unreviewed
CVE-2021-36917
was published
Nov 25, 2021
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS,...
High
Unreviewed
CVE-2021-34424
was published
Nov 25, 2021
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a...
Moderate
Unreviewed
CVE-2021-38004
was published
Nov 24, 2021
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Apache Ozone exposes OM, SCM and Datanode metadata
Moderate
CVE-2021-41532
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Exposure of Resource to Wrong Sphere in salt
High
CVE-2021-21996
was published
for
salt
(pip)
Nov 21, 2021
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure...
Low
Unreviewed
CVE-2021-36319
was published
Nov 21, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not...
Moderate
Unreviewed
CVE-2021-42744
was published
Nov 20, 2021
PSP protection against improperly configured side channels may lead to potential information...
Moderate
Unreviewed
CVE-2021-26312
was published
Nov 17, 2021
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of...
Moderate
Unreviewed
CVE-2021-26327
was published
Nov 17, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
Druid ingestion system Authenticated users can read data from other sources than intended
Moderate
CVE-2021-36749
was published
for
org.apache.druid:druid-core
(Maven)
Sep 27, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Exposure of Resource to Wrong Sphere in LibreNMS
High
CVE-2020-15877
was published
for
librenms/librenms
(Composer)
Sep 8, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
ProTip!
Advisories are also available from the
GraphQL API