GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
140 advisories
Filter by severity
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful...
Moderate
Unreviewed
CVE-2021-37112
was published
Jan 4, 2022
Password vault has a External Control of System or Configuration Setting vulnerability.Successful...
High
Unreviewed
CVE-2021-39971
was published
Jan 4, 2022
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to...
High
Unreviewed
CVE-2021-1003
was published
Dec 16, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path...
Critical
Unreviewed
CVE-2021-44041
was published
Dec 15, 2021
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary...
Critical
Unreviewed
CVE-2021-20042
was published
Dec 9, 2021
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and...
Moderate
Unreviewed
CVE-2021-36190
was published
Dec 9, 2021
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master...
Critical
Unreviewed
CVE-2021-43685
was published
Dec 2, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
Confused Deputy in Kubernetes
Moderate
CVE-2020-8561
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
ExternalName Services can be used to gain access to Envoy's admin interface
High
CVE-2021-32783
was published
for
github.com/projectcontour/contour
(Go)
Aug 30, 2021
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Moderate
CVE-2020-5412
was published
for
org.springframework.cloud:spring-cloud-netflix
(Maven)
Apr 30, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible
Moderate
CVE-2019-14905
was published
for
ansible
(pip)
Apr 20, 2021
Upload whitelisted files to any directory in OctoberCMS
Low
CVE-2020-5297
was published
for
october/cms
(Composer)
Jun 3, 2020
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
ProTip!
Advisories are also available from the
GraphQL API