Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

984 advisories

Loading
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
actionpack allows bypass of database-query restrictions Moderate
CVE-2013-6417 was published for actionpack (RubyGems) Oct 24, 2017
Active Record Improper Access Control Moderate
CVE-2015-7577 was published for activerecord (RubyGems) Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes Moderate
CVE-2013-0276 was published for activerecord (RubyGems) Oct 24, 2017
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
Incorrect Access Control vulnerability in api-platform/core Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Improper Access Control in Dolibarr Moderate
CVE-2021-25954 was published for dolibarr/dolibarr (Composer) Aug 11, 2021
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a... Moderate Unreviewed
CVE-2021-26262 was published Nov 20, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24703 was published Nov 24, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user... Moderate Unreviewed
CVE-2021-24859 was published Dec 14, 2021
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with... Moderate Unreviewed
CVE-2021-24845 was published Dec 14, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database