GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,308 advisories

SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Improper Input Validation in HashiCorp Consul Moderate
CVE-2020-13170 was published for github.com/hashicorp/consul (Go) May 18, 2021
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information Moderate
CVE-2019-17110 was published for github.com/kubernetes/kube-state-metrics (Go) May 18, 2021 withdrawn
Path Traversal in MHolt Archiver Moderate
CVE-2019-10743 was published for github.com/mholt/archiver (Go) May 18, 2021
Cross-site Scripting in Documize Moderate
CVE-2019-19619 was published for github.com/documize/community (Go) May 18, 2021
Kubernetes kubectl cp Vulnerable to Symlink Attack Moderate
CVE-2019-11251 was published for k8s.io/kubernetes (Go) May 18, 2021
Uncontrolled Resource Consumption in firebase Moderate
CVE-2020-7765 was published for @firebase/util (npm) May 18, 2021
Cross-site Scripting in docsify Moderate
CVE-2020-7680 was published for docsify (npm) May 18, 2021
Credential leak in react-native-fast-image Moderate
CVE-2020-7696 was published for react-native-fast-image (npm) May 18, 2021
Cross-site scripting in jspdf Moderate
CVE-2020-7690 was published for jspdf (npm) May 17, 2021
Cross-site scripting in @shopify/koa-shopify-auth Moderate
CVE-2020-8176 was published for @shopify/koa-shopify-auth (npm) May 17, 2021
Cross-site scripting in TileServer GL Moderate
CVE-2020-15500 was published for tileserver-gl (npm) May 17, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
Lack of protection against cookie tossing attacks in fastify-csrf Moderate
CVE-2021-29624 was published for fastify-csrf (npm) May 17, 2021
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12 Moderate
GHSA-7rrm-v45f-jp64 was published for nokogiri (RubyGems) May 17, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
Reflected Cross-site Scripting (XSS) in ACS Commons Moderate
CVE-2021-21043 was published for com.adobe.acs:acs-aem-commons (Maven) May 13, 2021
Apache Livy Cross-site scripting (XSS) in session names Moderate
CVE-2021-26544 was published for org.apache.livy:livy-server (Maven) May 13, 2021
Uncontrolled Memory Allocation in Apache PDFBox Moderate
CVE-2021-27906 was published for org.apache.pdfbox:pdfbox (Maven) May 13, 2021
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic Moderate
CVE-2021-29510 was published for pydantic (pip) May 13, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
ProTip! Advisories are also available from the GraphQL API