GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers...
Critical
Unreviewed
CVE-2015-2947
was published
May 17, 2022
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Moderate
CVE-2020-5412
was published
for
org.springframework.cloud:spring-cloud-netflix
(Maven)
Apr 30, 2021
Confused Deputy in Kubernetes
Moderate
CVE-2020-8561
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an...
High
Unreviewed
CVE-2019-3924
was published
May 13, 2022
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to...
Moderate
Unreviewed
CVE-2018-12182
was published
May 14, 2022
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0...
Moderate
Unreviewed
CVE-2018-16598
was published
May 14, 2022
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary...
Critical
Unreviewed
CVE-2021-20042
was published
Dec 9, 2021
Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
Moderate
CVE-2018-1999038
was published
for
org.jenkins-ci.plugins:publish-over-cifs
(Maven)
May 14, 2022
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated...
High
Unreviewed
CVE-2024-30128
was published
Sep 25, 2024
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users...
Moderate
Unreviewed
CVE-2024-0387
was published
Feb 26, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a...
High
Unreviewed
CVE-2024-31319
was published
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API