Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user... High Unreviewed
CVE-2021-24998 was published Dec 28, 2021
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Aescrypt does not sufficiently use random values High
CVE-2013-7463 was published for aescrypt (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database