GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,029
Maven
5,000+
npm
3,731
NuGet
662
pip
3,408
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate
CVE-2020-10685
was published
for
ansible
(pip)
Apr 7, 2021
Memory flaw in zeroize_derive
Critical
CVE-2021-45706
was published
for
zeroize_derive
(Rust)
Jan 6, 2022
Resource leakage when decoding certificates and keys
High
CVE-2022-1473
was published
for
openssl-src
(Rust)
May 4, 2022
Flarum mishandles invalidation of user email tokens
High
CVE-2019-11514
was published
for
flarum/flarum
(Composer)
May 24, 2022
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
Critical
CVE-2022-45347
was published
for
org.apache.shardingsphere:shardingsphere-proxy
(Maven)
Dec 22, 2022
redis-py Race Condition due to incomplete fix
High
CVE-2023-28859
was published
for
redis
(pip)
Mar 26, 2023
Spring Security logout not clearing security context
Moderate
CVE-2023-20862
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 19, 2023
Upgrading doesn't prevent exploiting vulnerable XWiki documents
Critical
CVE-2023-36468
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 30, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate
CVE-2023-42795
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate
CVE-2023-42794
was published
for
org.apache.tomcat:tomcat
(Maven)
Oct 10, 2023
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
High
CVE-2023-41835
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 5, 2023
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate
CVE-2024-23672
was published
for
org.apache.tomcat.embed:tomcat-embed-websocket
(Maven)
Mar 13, 2024
ProTip!
Advisories are also available from the
GraphQL API