GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders...
Critical
Unreviewed
CVE-2021-33990
was published
Apr 16, 2023
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate...
Critical
Unreviewed
CVE-2024-36532
was published
Jun 22, 2024
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote...
Critical
Unreviewed
CVE-2023-47463
was published
Nov 30, 2023
Remote code execution in Voyager
Critical
CVE-2020-36070
was published
for
tcg/voyager
(Composer)
Apr 26, 2023
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10...
Critical
Unreviewed
CVE-2018-4115
was published
May 13, 2022
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7...
Critical
Unreviewed
CVE-2017-8543
was published
May 13, 2022
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1,...
Critical
Unreviewed
CVE-2017-8589
was published
May 13, 2022
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical
CVE-2021-38553
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
If a user had granted a permission to a webpage and saved that grant, any webpage running on the...
Critical
Unreviewed
CVE-2021-29971
was published
May 24, 2022
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which...
Critical
Unreviewed
CVE-2020-18890
was published
May 24, 2022
Object state limitation has no effect
Critical
GHSA-gvj8-4cj4-h776
was published
for
ibexa/core
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-w8qp-hmh5-4v9v
was published
for
ezsystems/ezplatform-kernel
(Composer)
Apr 29, 2022
ProTip!
Advisories are also available from the
GraphQL API