GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
103 advisories
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
Severity: High. CVE-2011-2765 was published for pyro (pip) on Aug 21, 2018.
Arbitrary Code Execution in Docker
Severity: High. CVE-2014-6407 was published for github.com/docker/docker (Go) on Feb 15, 2022.
Directory Traversal in Docker
Severity: Moderate. CVE-2014-9358 was published for github.com/docker/docker (Go) on Feb 15, 2022.
Symlink Attack in Libcontainer and Docker Engine
Severity: Moderate. CVE-2015-3627 was published for github.com/docker/docker (Go) on Feb 15, 2022.
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
Severity: Moderate. CVE-2014-4996 was published for VladTheEnterprising (RubyGems) on May 14, 2022.
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
Severity: High. CVE-2021-39135 was published for @npmcli/arborist (npm) on Aug 31, 2021.
@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following
Severity: High. CVE-2021-39134 was published for @npmcli/arborist (npm) on Aug 31, 2021.
Data Loss/Denial of Service in SWHKD
Severity: High. CVE-2022-27816 was published for Simple-Wayland-HotKey-Daemon (Rust) on Mar 31, 2022.
Privilege escalation in beego
Severity: High. CVE-2021-27116 was published for github.com/beego/beego (Go) on Apr 6, 2022.
Privilege escalation in beego
Severity: High. CVE-2021-27117 was published for github.com/beego/beego (Go) on Apr 6, 2022.
Improper Link Resolution Before File Access in Apache Hadoop
Severity: Moderate. CVE-2014-3627 was published for org.apache.hadoop:hadoop-client (Maven) on May 17, 2022.
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Severity: Moderate. CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) on Jun 21, 2022.
Insecure Temporary File in SWHKD
Severity: Critical. CVE-2022-27815 was published for Simple-Wayland-HotKey-Daemon (Rust) on Mar 31, 2022.
Improper Link Resolution Before File Access in pip
Severity: Low. CVE-2013-1888 was published for pip (pip) on May 13, 2022.
Improper Link Resolution Before File Access in Suds
Severity: Low. CVE-2013-2217 was published for suds (pip) on May 14, 2022.
Arbitrary File Read in Snyk Broker
Severity: Moderate. CVE-2020-7653 was published for snyk-broker (npm) on Jun 3, 2020.
Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Severity: Moderate. CVE-2018-1196 was published for org.springframework.boot:spring-boot (Maven) on Oct 18, 2018.
Directory exposure in jetty
Severity: Low. CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) on Apr 6, 2021.
Remote Code Execution in SCIMono
Severity: High. CVE-2021-21479 was published for com.sap.scimono:scimono-server (Maven) on Feb 10, 2021.
Link Following in Kata Runtime
Severity: High. CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) on Feb 15, 2022.
ProTip! Advisories are also available from the GraphQL API.