GitHub Advisory Database
The latest security vulnerabilities from the world of open source software.
GitHub reviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
484
Go
231
Maven
883
npm
2,173
NuGet
155
pip
863
RubyGems
432
Rust
329
5,521 advisories
Filter by severity
Path Traversal in com.linecorp.armeria:armeria
High
CVE-2021-43795
was published
for
com.linecorp.armeria:armeria
(Maven)
Dec 2, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Critical
CVE-2019-0230
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 2, 2021
Incorrect Permission Assignment for Critical Resource in HashiCorp Vault
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4026
was published
for
ssddanbrown/bookstack
(Composer)
Dec 1, 2021
Path traversal in translator module in NodeBB
Moderate
CVE-2021-43788
was published
for
nodebb
(npm)
Nov 30, 2021
XSS via prototype pollution in NodeBB
Critical
CVE-2021-43787
was published
for
nodebb
(npm)
Nov 30, 2021
API token verification can be bypassed in NodeBB
Critical
CVE-2021-43786
was published
for
nodebb
(npm)
Nov 30, 2021
S3Scanner before 2.0.2 allows Directory Traversal
Moderate
CVE-2021-32061
was published
for
s3scanner
(pip)
Nov 30, 2021
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-fxwm-rx68-p5vx
was published
for
ezsystems/ezplatform-richtext
(Composer)
Dec 1, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-9jp8-cwwx-p64q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Dec 1, 2021
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
Moderate
CVE-2021-23654
was published
for
html-2-csv
(pip)
Nov 30, 2021
Path Traversal in @backstage/plugin-scaffolder-backend
High
CVE-2021-43783
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Dec 1, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
High
CVE-2021-43785
was published
for
@joeattardi/emoji-button
(npm)
Dec 1, 2021
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
High
GHSA-2g8g-63j4-9w3r
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Dec 1, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
High
CVE-2021-43776
was published
for
@backstage/plugin-auth-backend
(npm)
Dec 1, 2021
Potential Zip Slip Vulnerability in baserCMS
High
CVE-2021-41279
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
ReDoS in LDAP schema parser
Moderate
GHSA-r8wq-qrxc-hmcm
was published
for
python-ldap
(pip)
Nov 29, 2021
Incorrect Default Permissions in Apache JSPWiki
Critical
CVE-2021-44140
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Nov 29, 2021
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Cross-site Scripting in Apache JSPWiki
Moderate
CVE-2021-40369
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Dec 2, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40828
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
ProTip!
Advisories are also available from the
GraphQL API

