Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
Apache ActiveMQ's default configuration doesn't secure the API web context High
CVE-2024-32114 was published for org.apache.activemq:apache-activemq (Maven) May 2, 2024
Insecure deserialization in BentoML Critical
CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024
ASA-2024-004: Default configuration param for Evidence may limit window of validity Low
GHSA-555p-m4v6-cqxv was published for github.com/cometbft/cometbft (Go) Feb 28, 2024
Default swagger-ui configuration exposes all files in the module Moderate
CVE-2024-22207 was published for @fastify/swagger-ui (npm) Jan 16, 2024
knolleary
MTProto proxy remote code execution vulnerability High
CVE-2023-45312 was published for mtproto_proxy (Erlang) Oct 10, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource Low
CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023
Insecure Default Initialization In Liferay Portal Moderate
CVE-2023-33949 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
User data exposure in Apache InLong Moderate
CVE-2023-31101 was published for org.apache.inlong:manager-dao (Maven) May 22, 2023
Apache superset missing check for default SECRET_KEY High
CVE-2023-27524 was published for apache-superset (pip) Apr 24, 2023
Apache Isis webconsole module may directly query the database in prototype mode Moderate
CVE-2022-42467 was published for org.apache.isis.core:isis-core (Maven) Oct 19, 2022
WildFly vulnerable to Insecure Default Initialization of Resource High
CVE-2022-1278 was published for org.wildfly.bom:wildfly (Maven) Sep 14, 2022
OpenStack Nova uses insecure keystone middleware tmpdir by default Moderate
CVE-2013-2030 was published for python-keystoneclient (pip) May 17, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow Moderate
CVE-2017-8039 was published for org.springframework.webflow:spring-webflow (Maven) May 13, 2022
Insecure Default Initialization of Resource in Pivotal Spring Web Flow Moderate
CVE-2017-4971 was published for org.springframework.webflow:spring-webflow (Maven) May 13, 2022
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Arbitrary Code Execution in grunt High
CVE-2020-7729 was published for grunt (npm) May 6, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Insecure defaults in UmbracoForms High
CVE-2020-7685 was published for UmbracoForms (NuGet) Jul 29, 2020
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins Critical
CVE-2018-8014 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Electron webPreferences vulnerability can be used to perform remote code execution High
CVE-2018-15685 was published for electron (npm) Aug 23, 2018
ProTip! Advisories are also available from the GraphQL API