GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for...
Critical
Unreviewed
CVE-2023-39107
was published
Aug 4, 2023
The combination of primitives offered by SMB and AFP in their default configuration allows the...
Critical
Unreviewed
CVE-2022-22995
was published
Mar 27, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21691
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21695
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Froxlor Improper Input Validation vulnerability
Critical
CVE-2023-6069
was published
for
froxlor/froxlor
(Composer)
Nov 10, 2023
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
Critical
CVE-2018-1000544
was published
for
rubyzip
(RubyGems)
Sep 6, 2018
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
Critical
CVE-2018-12026
was published
for
passenger
(RubyGems)
May 14, 2022
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Critical
CVE-2023-25168
was published
for
github.com/pterodactyl/wings
(Go)
Feb 10, 2023
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission...
Critical
Unreviewed
CVE-2022-23144
was published
Sep 25, 2022
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed...
Critical
Unreviewed
CVE-2018-5225
was published
May 14, 2022
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code...
Critical
Unreviewed
CVE-2021-3942
was published
Dec 12, 2022
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4...
Critical
Unreviewed
CVE-2017-1002101
was published
May 13, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to...
Critical
Unreviewed
CVE-2021-38570
was published
May 24, 2022
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2...
Critical
Unreviewed
CVE-2020-25989
was published
May 24, 2022
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points...
Critical
Unreviewed
CVE-2022-34960
was published
Aug 26, 2022
Insecure Temporary File in SWHKD
Critical
CVE-2022-27815
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API