Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,537 advisories

Loading
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API Moderate
CVE-2021-21027 was published for magento/community-edition (Composer) May 24, 2022
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
Magento Reflected Cross-site Scripting vulnerability via 'file' parameter Moderate
CVE-2021-21029 was published for magento/community-edition (Composer) May 24, 2022
Magento Improper Access Control Moderate
CVE-2021-21020 was published for magento/community-edition (Composer) May 24, 2022
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the customer attribute save controller High
CVE-2021-21015 was published for magento/community-edition (Composer) May 24, 2022
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Incorrect Default Permissions in JetBrains Kotlin Moderate
CVE-2020-29582 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) May 24, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
Moodle Cross-site Scripting Moderate
CVE-2021-20186 was published for moodle/moodle (Composer) May 24, 2022
Moodle Vulnerable to Reflected Cross-site Scripting Moderate
CVE-2021-20183 was published for moodle/moodle (Composer) May 24, 2022
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Zen Cart vulnerable to authenticated remote code execution High
CVE-2021-3291 was published for zencart/zencart (Composer) May 24, 2022
CKEditor 4 ReDoS Vulnerability Moderate
CVE-2021-26271 was published for ckeditor4-dev (npm) May 24, 2022
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins Moderate
CVE-2021-21615 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database