GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11,257 advisories
Filter by severity
Persistent XSS in newsletter module in Shopware
Low
GHSA-hrfh-fp4x-crrq
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Stored XSS by authenticated backend user with access to upload files
Low
CVE-2020-15249
was published
for
october/backend
(Composer)
Nov 23, 2020
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
XML External Entity in Dashboard Widget
Low
CVE-2020-26229
was published
for
typo3/cms
(Composer)
Nov 23, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
Denial of service in fast-csv
Low
CVE-2020-26256
was published
for
@fast-csv/parse
(npm)
Dec 8, 2020
Lack of validation in data format attributes in TensorFlow
Low
CVE-2020-26267
was published
for
tensorflow
(pip)
Dec 10, 2020
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
Authenticated Server Side Request Forgery
Low
GHSA-8pfh-mm2g-hmc3
was published
for
shopware/core
(Composer)
Dec 21, 2020
Parse Server stores password in plain text
Low
CVE-2020-26288
was published
for
parse-server
(npm)
Dec 28, 2020
Regex denial of service vulnerability in codesample plugin
Low
GHSA-h96f-fc7c-9r55
was published
for
tinymce
(npm)
Jan 6, 2021
Blind SQL injection in PrestaShop productcomments module
Low
CVE-2020-26248
was published
for
prestashop/productcomments
(Composer)
Jan 20, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Unencrypted passwords
Low
GHSA-q594-2475-8v9f
was published
for
org.apache.nifi:nifi-standard-processors
(Maven)
Feb 24, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API