GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10...
High
Unreviewed
CVE-2020-15505
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles...
High
Unreviewed
CVE-2020-12279
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles...
High
Unreviewed
CVE-2020-12278
was published
May 24, 2022
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't...
Critical
Unreviewed
CVE-2020-10574
was published
May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote...
Moderate
Unreviewed
CVE-2019-12837
was published
May 24, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This...
High
Unreviewed
CVE-2019-17575
was published
May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a...
Moderate
Unreviewed
CVE-2019-0220
was published
May 24, 2022
EnvoyProxy Envoy Missing HTTP URL path normalization
Critical
CVE-2019-9901
was published
for
github.com/envoyproxy/envoy
(Go)
May 24, 2022
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company...
Moderate
Unreviewed
CVE-2022-29448
was published
May 21, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29445
was published
May 19, 2022
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0...
Moderate
Unreviewed
CVE-2018-6112
was published
May 13, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code...
High
Unreviewed
CVE-2019-9616
was published
May 13, 2022
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic...
Moderate
Unreviewed
CVE-2019-0816
was published
May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly...
High
Unreviewed
CVE-2019-0571
was published
May 13, 2022
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection ...
Moderate
Unreviewed
CVE-2018-0237
was published
May 13, 2022
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by...
Critical
Unreviewed
CVE-2019-8908
was published
May 13, 2022
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code...
Critical
Unreviewed
CVE-2019-7731
was published
May 13, 2022
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and...
High
Unreviewed
CVE-2018-12020
was published
May 13, 2022
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to...
Moderate
Unreviewed
CVE-2022-0855
was published
Mar 5, 2022
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Information Disclosure in Apache Tomcat
Moderate
CVE-2021-24122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2021
ProTip!
Advisories are also available from the
GraphQL API