GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,378 advisories

Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Privilege Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Improper Privilege Management in Tomcat Critical
CVE-2020-1938 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
npm Vulnerable to Global node_modules Binary Overwrite High
CVE-2019-16777 was published for npm (npm) Dec 13, 2019
DanielRuf
Improper Privilege Management in org.apache.hadoop:hadoop-main High
CVE-2018-11767 was published for org.apache.hadoop:hadoop-main (Maven) Mar 25, 2019
dwebp-bin downloads Resources over HTTP High
CVE-2016-10633 was published for dwebp-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in bionode-sra High
CVE-2016-10613 was published for bionode-sra (npm) Feb 18, 2019
ipip downloads Resources over HTTP High
CVE-2016-10594 was published for ipip (npm) Feb 18, 2019
Downloads Resources over HTTP in haxe High
CVE-2016-10602 was published for haxe (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-image High
CVE-2016-10616 was published for openframe-image (npm) Feb 18, 2019
Downloads Resources over HTTP in libxl High
CVE-2016-10585 was published for libxl (npm) Feb 18, 2019
Downloads Resources over HTTP in prince High
CVE-2016-10591 was published for prince (npm) Feb 18, 2019
ibapi downloads Resources over HTTP High
CVE-2016-10593 was published for ibapi (npm) Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli High
CVE-2016-10597 was published for cobalt-cli (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer High
CVE-2016-10607 was published for openframe-glslviewer (npm) Feb 18, 2019
Improper Privilege Management in Apache Karaf High
CVE-2018-11786 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 High
CVE-2018-15758 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 19, 2018
MarkLee131
OrientDB vulnerable to Improper Privilege Management leading to arbitrary command injection Critical
CVE-2017-11467 was published for com.orientechnologies:orientdb-core (Maven) Oct 18, 2018
yoshizawa-masatoshi
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
fis-sass-all downloads Resources over HTTP High
CVE-2016-10686 was published for fis-sass-all (npm) Aug 17, 2018