Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,422 advisories

Loading
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects activesupport Moderate
GHSA-35c4-f3rq-f9g3 was published for activesupport (RubyGems) Sep 17, 2018 withdrawn
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Path Traversal in total.js High
CVE-2019-8903 was published for total.js (npm) Feb 20, 2019
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv Moderate
GHSA-3m2r-q8x3-xmf7 was published for Microsoft.AspNetCore.All (NuGet) Oct 16, 2018
Downloads Resources over HTTP in scala-bin High
CVE-2016-10627 was published for scala-bin (npm) Feb 18, 2019
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Downloads Resources over HTTP in ntfserver High
CVE-2016-10650 was published for ntfserver (npm) Feb 18, 2019
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.juddi:juddi-client Moderate
CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Downloads Resources over HTTP in massif High
CVE-2016-10682 was published for massif (npm) Feb 18, 2019
High severity vulnerability that affects org.dspace:dspace-xmlui High
CVE-2016-10726 was published for org.dspace:dspace-xmlui (Maven) Oct 19, 2018
Downloads Resources over HTTP in haxe3 High
CVE-2016-10688 was published for haxe3 (npm) Aug 17, 2018
Potential SQL Injection in sequelize High
CVE-2016-10553 was published for sequelize (npm) Feb 18, 2019
Downloads Resources over HTTP in webdriver-launcher High
CVE-2016-10651 was published for webdriver-launcher (npm) Feb 18, 2019
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
Low severity vulnerability that affects Gw2Sharp Low
GHSA-4vr3-9v7h-5f8v was published for Gw2Sharp (NuGet) Jun 18, 2019
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate Moderate
CVE-2018-10936 was published for org.postgresql:pgjdbc-aggregate (Maven) Oct 19, 2018
Regular Expression Denial of Service in ssri Moderate
CVE-2018-7651 was published for ssri (npm) Mar 7, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database