GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
Moderate severity vulnerability that affects Plone and Zope2
Moderate
CVE-2012-5507
was published
for
Plone
(pip)
Jul 23, 2018
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
Moderate
GHSA-g753-jx37-7xwh
was published
for
jsrsasign
(npm)
Jun 30, 2020
Data races in model
Moderate
GHSA-8q64-wrfr-q48c
was published
for
model
(Rust)
Aug 25, 2021
•
withdrawn
Data races in unicycle
Moderate
GHSA-7mg7-m5c3-3hqj
was published
for
unicycle
(Rust)
Aug 25, 2021
•
withdrawn
Singleton lacks bounds on Send and Sync.
Moderate
GHSA-vj88-5667-w56p
was published
for
ruspiro-singleton
(Rust)
Aug 25, 2021
•
withdrawn
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Moderate
GHSA-jh2g-xhqq-x4w9
was published
for
rcu_cell
(Rust)
Aug 25, 2021
•
withdrawn
MvccRwLock allows data races & aliasing violations
Moderate
GHSA-mgg8-9pvp-6qcw
was published
for
noise_search
(Rust)
Aug 25, 2021
•
withdrawn
Data races in generator
Moderate
GHSA-h6gg-fvf5-qgwf
was published
for
generator
(Rust)
Aug 25, 2021
•
withdrawn
Queue<T> should have a Send bound on its Send/Sync traits
Moderate
GHSA-v42f-j8fx-99f3
was published
for
scottqueue
(Rust)
Aug 25, 2021
•
withdrawn
Multiple memory safety issues in actix-web
Moderate
GHSA-w65j-g6c7-g3m4
was published
for
actix-web
(Rust)
Aug 25, 2021
cookie-signature Timing Attack
Moderate
CVE-2016-1000236
was published
for
cookie-signature
(npm)
Jan 6, 2020
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Moderate
CVE-2011-2731
was published
for
org.springframework.security:spring-security-core
(Maven)
May 17, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch
Moderate
CVE-2019-7614
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Uncaught Exception (due to a data race) leads to process termination in Waitress
Moderate
CVE-2022-31015
was published
for
waitress
(pip)
Jun 2, 2022
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Moderate
CVE-2009-5011
was published
for
pyftpdlib
(pip)
May 2, 2022
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Moderate
CVE-2009-5010
was published
for
pyftpdlib
(pip)
May 2, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
Moderate
CVE-2010-3494
was published
for
pyftpdlib
(pip)
May 17, 2022
ansible-runner 2.0.0 vulnerable to Race Condition
Moderate
CVE-2021-3702
was published
for
ansible-runner
(pip)
Aug 24, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
Moderate
CVE-2022-46174
was published
for
github.com/kubernetes-sigs/aws-efs-csi-driver
(Go)
Dec 30, 2022
undertow Race Condition vulnerability
Moderate
CVE-2021-3597
was published
for
io.undertow:undertow-core
(Maven)
May 25, 2022
Data races in noise_search
Moderate
CVE-2020-36461
was published
for
noise_search
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API