GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
Upload whitelisted files to any directory in OctoberCMS
Low
CVE-2020-5297
was published
for
october/cms
(Composer)
Jun 3, 2020
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Moderate
CVE-2020-5412
was published
for
org.springframework.cloud:spring-cloud-netflix
(Maven)
Apr 30, 2021
ExternalName Services can be used to gain access to Envoy's admin interface
High
CVE-2021-32783
was published
for
github.com/projectcontour/contour
(Go)
Aug 30, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
Confused Deputy in Kubernetes
Moderate
CVE-2020-8561
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
Shopware XXE Vulnerability
Moderate
CVE-2017-18357
was published
for
shopware/shopware
(Composer)
May 14, 2022
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
in-toto vulnerable to Configuration Read From Local Directory
Moderate
CVE-2023-32076
was published
for
in-toto
(pip)
May 11, 2023
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
Micronaut management endpoints vulnerable to drive-by localhost attack
Moderate
CVE-2024-23639
was published
for
io.micronaut:micronaut-http-server
(Maven)
Feb 9, 2024
Moodle External Control of File Name or Path vulnerability
Moderate
CVE-2023-30943
was published
for
moodle/moodle
(Composer)
May 2, 2023
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap
Moderate
CVE-2024-29069
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Moderate
CVE-2024-7625
was published
for
github.com/hashicorp/nomad
(Go)
Aug 15, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API