GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,537 advisories

Aimeos Typo3 extension contains Cross-site Scripting vulnerability Moderate
CVE-2021-28380 was published for aimeos/aimeos-typo3 (Composer) May 24, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client High
CVE-2021-20218 was published for io.fabric8:kubernetes-client (Maven) May 24, 2022
Moodle contains Stored XSS via ID number user profile field Moderate
CVE-2021-20279 was published for moodle/moodle (Composer) May 24, 2022
ShopXO RCE Vulnerability Critical
CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022
Grav CMS Local File Injection Moderate
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022
Grav CMS Arbitrary File Deletion High
CVE-2020-29555 was published for getgrav/grav (Composer) May 24, 2022
Grav CMS Cross-Site Request Forgery (CSRF) High
CVE-2020-29553 was published for getgrav/grav (Composer) May 24, 2022
Fix a use-after-free bug in diesels Sqlite backend Critical
CVE-2021-28305 was published for diesel (Rust) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
Keycloak discloses information without authentication Moderate
CVE-2020-27838 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
move_elements can double-free objects on panic Critical
CVE-2021-28031 was published for scratchpad (Rust) May 24, 2022
Loading a bgzip block can write out of bounds if size overflows. Critical
CVE-2021-28027 was published for bam (Rust) May 24, 2022
Rancher Cross-site Scripting Vulnerability Moderate
CVE-2021-25313 was published for github.com/rancher/rancher (Go) May 24, 2022
qcubed PHP object injection Critical
CVE-2020-24914 was published for qcubed/qcubed (Composer) May 24, 2022
qcubed reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2020-24912 was published for qcubed/qcubed (Composer) May 24, 2022
qcubed SQL injection vulnerability in profile.php via the strQuery parameter Critical
CVE-2020-24913 was published for qcubed/qcubed (Composer) May 24, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution High
CVE-2021-25315 was published for salt (pip) May 24, 2022
ThinkAdmin Admin Panel Access using Default Credentials High
CVE-2020-35296 was published for zoujingli/thinkadmin (Composer) May 24, 2022
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument Critical
CVE-2021-3197 was published for salt (pip) May 24, 2022
SaltStack Salt eauth tokens can be used once after expiration Critical
CVE-2021-3144 was published for salt (pip) May 24, 2022
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client Critical
CVE-2021-3148 was published for salt (pip) May 24, 2022
SaltStack Salt Directory Traversal vulnerability High
CVE-2021-25282 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Authentication vulnerability Critical
CVE-2021-25281 was published for salt (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API