GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+
301,629 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.tika:tika-core
Moderate
CVE-2018-1338
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0639
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Moderate severity vulnerability that affects actionview
Moderate
GHSA-6834-r92f-jj42
was published
for
actionview
(RubyGems)
Sep 17, 2018
•
withdrawn
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Downloads Resources over HTTP in mongodb-instance
High
CVE-2016-10572
was published
for
mongodb-instance
(npm)
Feb 18, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
High
CVE-2018-12086
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
XSS Filter Bypass via Encoded URL in validator
Moderate
CVE-2014-9772
was published
for
validator
(npm)
Nov 6, 2018
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
Path Traversal in http-live-simulator
High
CVE-2018-16479
was published
for
http-live-simulator
(npm)
Feb 7, 2019
`CHECK` failure in `SobolSample` via missing validation
Low
GHSA-cqvq-fvhr-v6hc
was published
for
tensorflow
(pip)
Nov 21, 2022
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Low
GHSA-xf83-q765-xm6m
was published
for
tensorflow
(pip)
Nov 21, 2022
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Downloads Resources over HTTP in curses
High
CVE-2016-10615
was published
for
curses
(npm)
Feb 18, 2019
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Moderate severity vulnerability that affects actionview
Moderate
GHSA-2pwf-xwr3-hp55
was published
for
actionview
(RubyGems)
Aug 13, 2018
•
withdrawn
Downloads Resources over HTTP in operadriver
High
CVE-2016-10565
was published
for
operadriver
(npm)
Feb 18, 2019
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Downloads Resources over HTTP in macaca-chromedriver-zxa
High
CVE-2016-10623
was published
for
macaca-chromedriver-zxa
(npm)
Feb 18, 2019
Downloads Resources over HTTP in box2d-native
High
CVE-2016-10617
was published
for
box2d-native
(npm)
Feb 18, 2019
High severity vulnerability that affects qs
High
GHSA-crvj-3gj9-gm2p
was published
for
qs
(npm)
Oct 9, 2018
•
withdrawn
Moderate severity vulnerability that affects archive-tar-minitar and minitar
Moderate
GHSA-cwp3-834g-x79g
was published
for
archive-tar-minitar
(RubyGems)
Aug 21, 2018
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API