GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
High
CVE-2021-21413
was published
for
isolated-vm
(npm)
Apr 6, 2021
Improper Control of Dynamically-Managed Code Resources in config-shield
Moderate
CVE-2021-26276
was published
for
config-shield
(npm)
Apr 13, 2021
Use of Potentially Dangerous Function in mixme
High
CVE-2021-29491
was published
for
mixme
(npm)
May 6, 2021
Header dropping in traefik
Moderate
CVE-2021-32813
was published
for
github.com/traefik/traefik
(Go)
Aug 5, 2021
Prototype Pollution in config-handler
Critical
CVE-2021-23448
was published
for
config-handler
(npm)
Oct 12, 2021
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25803
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
High
CVE-2020-25802
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
High
CVE-2021-23267
was published
for
org.craftercms:crafter-studio
(Maven)
May 17, 2022
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
Budibase Improper Access Control vulnerability
Moderate
CVE-2022-3225
was published
for
@budibase/bbui
(npm)
Sep 17, 2022
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Critical
CVE-2022-36067
was published
for
vm2
(npm)
Sep 28, 2022
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
Moderate
CVE-2022-4318
was published
for
github.com/cri-o/cri-o
(Go)
Dec 29, 2022
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
toui allows user-specific variables to be shared between users
Critical
CVE-2023-33175
was published
for
toui
(pip)
May 24, 2023
SpiceDB's LookupResources may return partial results
Low
CVE-2023-35930
was published
for
github.com/authzed/spicedb
(Go)
Jun 28, 2023
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
High
CVE-2023-37271
was published
for
RestrictedPython
(pip)
Jul 10, 2023
TorchServe Pre-Auth Remote Code Execution
Critical
GHSA-4mqg-h5jf-j9m7
was published
for
torchserve
(pip)
Oct 2, 2023
Eclipse Glassfish remote code execution issue
Moderate
CVE-2023-5763
was published
for
org.glassfish.main.orb:orb-connector
(Maven)
Nov 3, 2023
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Remote code execution in pytorch lightning
Critical
CVE-2024-5452
was published
for
lightning
(pip)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API