Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,419 advisories

Loading
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Credited to evilpacket
Introspection in schema validation in Apollo Server Moderate
GHSA-w42g-7vfc-xf37 was published for apollo-server (npm) Jun 5, 2020
Use of insecure jQuery version in OctoberCMS Moderate
GHSA-v73w-r9xg-7cr9 was published for october/october (Composer) Jun 5, 2020
mrgswift
Credited to mrgswift
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
Deserialization of Untrusted Data in jackson-databind High
GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020 withdrawn
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Improper Input Validation in Symfony Critical
CVE-2019-11325 was published for symfony/symfony (Composer) Feb 12, 2020
URL Redirection to Untrusted Site (Open Redirect) in Ktor Moderate
CVE-2019-19703 was published for io.ktor:ktor-client-core (Maven) Feb 12, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Sanitizer bypass in svg-sanitizer Moderate
CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) Feb 27, 2020
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Credited to davimacedo
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used Low
GHSA-mr6r-mvw4-736g was published for vyper (pip) Mar 25, 2020
montyly
Credited to montyly
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Moderate
GHSA-7fhm-mqm4-2wp7 was published for acorn (npm) Mar 13, 2020 withdrawn
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Credited to christianbundy and zozs
Read permissions not enforced for client provided filter expressions in Elide. High
CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) Mar 30, 2020
Resources Downloaded over Insecure Protocol in igniteui Low
CVE-2016-10552 was published for igniteui (npm) Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Moderate
CVE-2017-12625 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Downloads Resources over HTTP in cmake High
CVE-2016-10642 was published for cmake (npm) Aug 15, 2018
Path Traversal in simplehttpserver High
CVE-2018-16493 was published for static-resource-server (npm) Feb 7, 2019
Internal exception message exposure for login action in Sylius Low
CVE-2019-16768 was published for sylius/sylius (Composer) Dec 5, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database