GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Information Disclosure in Apache Tomcat
Moderate
CVE-2021-24122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to...
Moderate
Unreviewed
CVE-2022-0855
was published
Mar 5, 2022
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection ...
Moderate
Unreviewed
CVE-2018-0237
was published
May 13, 2022
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic...
Moderate
Unreviewed
CVE-2019-0816
was published
May 13, 2022
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0...
Moderate
Unreviewed
CVE-2018-6112
was published
May 13, 2022
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company...
Moderate
Unreviewed
CVE-2022-29448
was published
May 21, 2022
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a...
Moderate
Unreviewed
CVE-2019-0220
was published
May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote...
Moderate
Unreviewed
CVE-2019-12837
was published
May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An...
Moderate
Unreviewed
CVE-2020-35566
was published
May 24, 2022
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the...
Moderate
Unreviewed
CVE-2020-4719
was published
May 24, 2022
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations,...
Moderate
Unreviewed
CVE-2021-32054
was published
May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2021-35337
was published
May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37212
was published
May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37213
was published
May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2021-37215
was published
May 24, 2022
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary...
Moderate
Unreviewed
CVE-2022-30621
was published
Jul 19, 2022
lambdaisland/uri `authority-regex` returns the wrong authority
Moderate
CVE-2023-28628
was published
for
lambdaisland:uri
(Maven)
Mar 27, 2023
ProTip!
Advisories are also available from the
GraphQL API