GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8,808 advisories
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High. CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021

Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate. CVE-2021-3602 was published for github.com/containers/buildah (Go) Jul 19, 2021

Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate. CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) Jul 19, 2021

The reset password form reveal users email address
Moderate. CVE-2021-32731 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jul 2, 2021

API information disclosure flaw in Elasticsearch
Moderate. CVE-2021-22135 was published for org.elasticsearch:elasticsearch (Maven) Jul 2, 2021

List of order ids, number, items total and token value exposed for unauthorized uses via new API
Moderate. CVE-2021-32720 was published for sylius/sylius (Composer) Jun 29, 2021

Private files publicly accessible with Cloud Storage providers
High. GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021

Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate. GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) Jun 23, 2021 • withdrawn

Helm passes repository credentials to alternate domain
Moderate. CVE-2021-32690 was published for helm.sh/helm/v3 (Go) Jun 23, 2021

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High. CVE-2021-25122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2021

Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High. CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Moderate. CVE-2021-28169 was published for org.eclipse.jetty:jetty-servlets (Maven) Jun 10, 2021

Exposure of sensitive information to an unauthorized actor in HyperKitty
High. CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021

Lookup function information disclosure in helm
High. CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021

Private Field data leak
High. CVE-2021-32624 was published for @keystonejs/keystone (npm) May 27, 2021

Potential memory exposure in dns-packet
High. CVE-2021-23386 was published for dns-packet (npm) May 24, 2021

JWT leak via Open Redirect in Programmatic access
Moderate. CVE-2021-29651 was published for github.com/pomerium/pomerium (Go) May 21, 2021

Podman Origin Validation Error
Moderate. CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021

Information Exposure in jaeger
Moderate. CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) May 18, 2021

Information Disclosure in HashiCorp Vault
High. CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021

Insecure Permissions in Gogs
Critical. CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021

Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Moderate. CVE-2019-17110 was published for github.com/kubernetes/kube-state-metrics (Go) May 18, 2021 • withdrawn

Credential leak in react-native-fast-image
Moderate. CVE-2020-7696 was published for react-native-fast-image (npm) May 18, 2021

Insecure template handling in express-hbs
Moderate. CVE-2021-32817 was published for express-hbs (npm) May 17, 2021

ProTip! Advisories are also available from the GraphQL API.