GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online...
Moderate
Unreviewed
CVE-2024-55058
was published
Dec 17, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
Nuxt vulnerable to remote code execution via the browser when running the test locally
Critical
CVE-2024-34344
was published
for
nuxt
(npm)
Aug 5, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all...
High
Unreviewed
CVE-2024-4887
was published
Jun 7, 2024
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-42125
was published
May 3, 2024
Directus has MySQL accent insensitive email matching
High
CVE-2024-27295
was published
for
directus
(npm)
Mar 1, 2024
Docassemble unauthorized access through URL manipulation
High
CVE-2024-27292
was published
for
docassemble.base
(pip)
Feb 29, 2024
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
lambdaisland/uri `authority-regex` returns the wrong authority
Moderate
CVE-2023-28628
was published
for
lambdaisland:uri
(Maven)
Mar 27, 2023
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of...
Critical
Unreviewed
CVE-2022-30258
was published
Nov 22, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of...
Critical
Unreviewed
CVE-2022-30257
was published
Nov 22, 2022
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary...
Moderate
Unreviewed
CVE-2022-30621
was published
Jul 19, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when...
High
Unreviewed
CVE-2022-27778
was published
Jun 3, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2021-37215
was published
May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37213
was published
May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37212
was published
May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High
Unreviewed
CVE-2021-37214
was published
May 24, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,...
High
Unreviewed
CVE-2021-22924
was published
May 24, 2022
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink()...
Critical
Unreviewed
CVE-2021-37144
was published
May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2021-35337
was published
May 24, 2022
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations,...
Moderate
Unreviewed
CVE-2021-32054
was published
May 24, 2022
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the...
Moderate
Unreviewed
CVE-2020-4719
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API