GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Electron webPreferences vulnerability can be used to perform remote code execution
High
CVE-2018-15685
was published
for
electron
(npm)
Aug 23, 2018
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
Moderate
CVE-2017-4971
was published
for
org.springframework.webflow:spring-webflow
(Maven)
May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
Moderate
CVE-2017-8039
was published
for
org.springframework.webflow:spring-webflow
(Maven)
May 13, 2022
WildFly vulnerable to Insecure Default Initialization of Resource
High
CVE-2022-1278
was published
for
org.wildfly.bom:wildfly
(Maven)
Sep 14, 2022
Insecure defaults in UmbracoForms
High
CVE-2020-7685
was published
for
UmbracoForms
(NuGet)
Jul 29, 2020
OpenStack Nova uses insecure keystone middleware tmpdir by default
Moderate
CVE-2013-2030
was published
for
python-keystoneclient
(pip)
May 17, 2022
User data exposure in Apache InLong
Moderate
CVE-2023-31101
was published
for
org.apache.inlong:manager-dao
(Maven)
May 22, 2023
MTProto proxy remote code execution vulnerability
High
CVE-2023-45312
was published
for
mtproto_proxy
(Erlang)
Oct 10, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low
CVE-2023-3485
was published
for
go.temporal.io/server
(Go)
Jun 30, 2023
Insecure Default Initialization In Liferay Portal
Moderate
CVE-2023-33949
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Default swagger-ui configuration exposes all files in the module
Moderate
CVE-2024-22207
was published
for
@fastify/swagger-ui
(npm)
Jan 16, 2024
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical
CVE-2018-8014
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Low
GHSA-555p-m4v6-cqxv
was published
for
github.com/cometbft/cometbft
(Go)
Feb 28, 2024
Apache superset missing check for default SECRET_KEY
High
CVE-2023-27524
was published
for
apache-superset
(pip)
Apr 24, 2023
Insecure deserialization in BentoML
Critical
CVE-2024-2912
was published
for
bentoml
(pip)
Apr 16, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context
High
CVE-2024-32114
was published
for
org.apache.activemq:apache-activemq
(Maven)
May 2, 2024
vodozemac has degraded secret zeroization capabilities
Low
CVE-2024-34063
was published
for
vodozemac
(Rust)
May 3, 2024
Apache Isis webconsole module may directly query the database in prototype mode
Moderate
CVE-2022-42467
was published
for
org.apache.isis.core:isis-core
(Maven)
Oct 19, 2022
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Insecure Default Initialization of Resource vulnerability in Apache Solr
High
CVE-2024-45217
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Low
CVE-2024-51758
was published
for
filament/actions
(Composer)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API