GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

301,518 advisories

Moderate severity vulnerability that affects safemode Moderate
GHSA-44vc-fpcg-5cc5 was published for safemode (RubyGems) Aug 8, 2018 withdrawn
High severity vulnerability that affects PeterO.Cbor High
GHSA-cxw4-9qv9-vx5h was published for PeterO.Cbor (NuGet) Sep 30, 2019
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Moderate severity vulnerability that affects io.undertow:undertow-core Moderate
CVE-2017-2670 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Downloads Resources over HTTP in sfml High
CVE-2016-10654 was published for sfml (npm) Feb 18, 2019
Moderate severity vulnerability that affects actionpack Moderate
GHSA-5xmj-wm96-fmw8 was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Downloads Resources over HTTP in co-cli-installer High
CVE-2016-10657 was published for co-cli-installer (npm) Feb 18, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0592 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Downloads Resources over HTTP in tomita High
CVE-2016-10662 was published for tomita (npm) Feb 18, 2019
Downloads Resources over HTTP in fis-parser-sass-bin High
CVE-2016-10660 was published for fis-parser-sass-bin (npm) Feb 18, 2019
Symlink Arbitrary File Overwrite in tar High
CVE-2015-8860 was published for tar (npm) Oct 24, 2017
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Downloads Resources over HTTP in air-sdk High
CVE-2016-10603 was published for air-sdk (npm) Feb 18, 2019
Moderate severity vulnerability that affects io.vertx:vertx-core Moderate
CVE-2018-12537 was published for io.vertx:vertx-core (Maven) Oct 19, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical
CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Downloads Resources over HTTP in kindlegen High
CVE-2016-10575 was published for kindlegen (npm) Feb 18, 2019
Downloads Resources over HTTP in nw High
CVE-2016-10588 was published for nw (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API