Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

305,925 advisories

Loading
Pysaml2 improperly initializes encryption vector Moderate
CVE-2017-1000246 was published for pysaml2 (pip) Jul 16, 2018
zmthy
Credited to zmthy
Code Execution Through IIFE in serialize-to-js Critical
CVE-2017-5954 was published for serialize-to-js (npm) Jul 18, 2018
tdunlap607
Credited to tdunlap607
Code Execution through IIFE in node-serialize Critical
CVE-2017-5941 was published for node-serialize (npm) Jul 18, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Sandbox Breakout in safe-eval Critical
CVE-2017-16088 was published for safe-eval (npm) Jul 18, 2018
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
Unsafe deserialization in confire Critical
CVE-2017-16763 was published for confire (pip) Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server Moderate
CVE-2018-3726 was published for crud-file-server (npm) Jul 18, 2018
Open Redirect in hekto Moderate
CVE-2018-3743 was published for hekto (npm) Jul 18, 2018
Path Traversal in stattic High
CVE-2018-3734 was published for stattic (npm) Jul 18, 2018
Path Traversal in crud-file-server High
CVE-2018-3733 was published for crud-file-server (npm) Jul 18, 2018
Path Traversal in resolve-path High
CVE-2018-3732 was published for resolve-path (npm) Jul 18, 2018
Path Traversal in public High
CVE-2018-3731 was published for public (npm) Jul 18, 2018
Denial of Service vulnerability with large JSON payloads in fastify High
CVE-2018-3711 was published for fastify (npm) Jul 18, 2018
RDIL
Credited to RDIL
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input High
CVE-2017-16138 was published for mime (npm) Jul 20, 2018
rsalvo77 tdunlap607
Credited to rsalvo77 and tdunlap607
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
Credited to tdunlap607
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
Low severity vulnerability that affects sensu Low
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 withdrawn
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data Critical
CVE-2011-4103 was published for django-piston (pip) Jul 23, 2018
Plone Denial of Service vulnerability High
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool Moderate
CVE-2011-1948 was published for Plone (pip) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database