GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
937 advisories
Filter by severity
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
Sails before 0.12.7 vulnerable to Broken CORS
High
CVE-2016-10549
was published
for
sails
(npm)
Feb 18, 2019
An unauthorized user could possibly delete any file on the system.
High
Unreviewed
CVE-2022-46331
was published
Jan 18, 2023
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up...
High
Unreviewed
CVE-2022-0815
was published
Mar 12, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High
Unreviewed
CVE-2021-24906
was published
Jan 25, 2022
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing...
High
Unreviewed
CVE-2015-3806
was published
May 17, 2022
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6...
High
Unreviewed
CVE-2021-21083
was published
May 24, 2022
Improper Access Control in MySQL Connector Python
High
CVE-2019-2435
was published
for
mysql-connector-python
(pip)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2019-7611
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Access Control in Apache Derby
High
CVE-2010-2232
was published
for
org.apache.derby:derby
(Maven)
May 17, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-4165
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier)...
High
Unreviewed
CVE-2021-21045
was published
May 24, 2022
Improper Access Control in Apache Hadoop
High
CVE-2016-5393
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Improper Access Control in MySQL Connectors Java
High
CVE-2017-3523
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-1427
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a...
High
Unreviewed
CVE-2022-1261
was published
May 27, 2022
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software...
High
Unreviewed
CVE-2021-1284
was published
May 24, 2022
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control...
High
Unreviewed
CVE-2020-9668
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API