GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
Memory flaw in zeroize_derive
Critical: CVE-2021-45706 was published for zeroize_derive (Rust), Jan 6, 2022
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
Critical: CVE-2022-45347 was published for org.apache.shardingsphere:shardingsphere-proxy (Maven), Dec 22, 2022
Resource leakage when decoding certificates and keys
High: CVE-2022-1473 was published for openssl-src (Rust), May 4, 2022
redis-py Race Condition due to incomplete fix
Moderate: CVE-2023-28859 was published for redis (pip), Mar 26, 2023
Spring Security logout not clearing security context
Moderate: CVE-2023-20862 was published for org.springframework.security:spring-security-core (Maven), Apr 19, 2023
Upgrading doesn't prevent exploiting vulnerable XWiki documents
Critical: CVE-2023-36468 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven), Jun 30, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate: CVE-2023-42794 was published for org.apache.tomcat:tomcat (Maven), Oct 10, 2023
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
High: CVE-2023-41835 was published for org.apache.struts:struts2-core (Maven), Dec 5, 2023
Flarum mishandles invalidation of user email tokens
High: CVE-2019-11514 was published for flarum/flarum (Composer), May 24, 2022
Apache Tomcat Incomplete Cleanup vulnerability
Moderate: CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven), Oct 10, 2023
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Moderate: CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven), Mar 13, 2024
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Moderate: CVE-2020-10685 was published for ansible (pip), Apr 7, 2021