GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

301,422 advisories

Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
Credited to pwntester
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Cross-Site Scripting in BookStack Moderate
CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) May 7, 2020
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
XSS in TinyMCE Moderate
CVE-2019-1010091 was published for tinymce (npm) May 11, 2020
XSS in Dolibarr Moderate
CVE-2020-13094 was published for dolibarr/dolibarr (Composer) May 21, 2020
SQL injection in Centreon Critical
CVE-2019-16194 was published for centreon/centreon (Composer) Feb 11, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Holder can generate proof of ownership for credentials it does not control in vp-toolkit High
GHSA-ff5x-w9wg-h275 was published for vp-toolkit (npm) Mar 6, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
Credited to vogon101
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
Credited to mixmix, christianbundy, arj03, staltz, and cryptix
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Cross-site scripting in PHPMailer Moderate
CVE-2017-11503 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
Credited to inc0x0 and thiagomayllart
Moderate severity vulnerability that affects actionpack Moderate
GHSA-23v3-qfrj-wmgh was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Path Traversal in statics-server Moderate
CVE-2019-15596 was published for statics-server (npm) Mar 31, 2020
Cross-Site Scripting in sanitize-html Moderate
CVE-2016-1000237 was published for sanitize-html (npm) Apr 16, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020