GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
941 advisories
Filter by severity
Improper Access Control in Dolibarr
Moderate
CVE-2021-25954
was published
for
dolibarr/dolibarr
(Composer)
Aug 11, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Improper Access Control in Apache Airflow
Moderate
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Unsafe Merging of CORS Configuration Conflict in hapi
Moderate
CVE-2015-9243
was published
for
hapi
(npm)
Sep 1, 2020
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011
was published
for
api-platform/core
(Composer)
Oct 14, 2019
Authentication Bypass in Devise
Moderate
CVE-2019-16109
was published
for
devise
(RubyGems)
Sep 11, 2019
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2016-8629
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Action Pack contains database-query restrictions bypass
Moderate
CVE-2012-2660
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Active Record allows bypassing of database-query restrictions
Moderate
CVE-2013-0155
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes
Moderate
CVE-2013-0276
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
Active Record Improper Access Control
Moderate
CVE-2015-7577
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack allows bypass of database-query restrictions
Moderate
CVE-2013-6417
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API