GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
301,630 advisories
Downloads Resources over HTTP in healthcenter
High • CVE-2016-10684 was published for healthcenter (npm) • Feb 18, 2019

Downloads Resources over HTTP in macaca-chromedriver
High • CVE-2016-10586 was published for macaca-chromedriver (npm) • Feb 18, 2019

Moderate severity vulnerability that affects total.js
Moderate • CVE-2019-10260 was published for total.js (npm) • Apr 2, 2019

Cross-Site Scripting in keystone
Moderate • CVE-2017-15881 was published for keystone (npm) • Nov 16, 2017

Downloads Resources over HTTP in unicode-json
High • CVE-2016-10610 was published for unicode-json (npm) • Feb 18, 2019

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical • CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) • Oct 17, 2018

Downloads Resources over HTTP in mystem-fix
High • CVE-2016-10698 was published for mystem-fix (npm) • Jul 27, 2018

Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
Moderate • CVE-2018-12087 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) • Oct 16, 2018

Downloads Resources over HTTP in libxl
High • CVE-2016-10585 was published for libxl (npm) • Feb 18, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0611 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

Downloads Resources over HTTP in iedriver
High • CVE-2016-10562 was published for iedriver (npm) • Feb 18, 2019

Downloads Resources over HTTP in node-thulac
High • CVE-2016-10640 was published for node-thulac (npm) • Feb 18, 2019

High severity vulnerability that affects Microsoft.ChakraCore
High • CVE-2019-0769 was published for Microsoft.ChakraCore (NuGet) • Apr 9, 2019

High severity vulnerability that affects festivaltts4r
High • GHSA-9wv8-jgw4-4g28 was published for festivaltts4r (RubyGems) • Aug 15, 2018 • withdrawn

High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
High • CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) • Oct 22, 2018

Cross-Site Scripting in handlebars
Moderate • CVE-2015-8861 was published for handlebars (npm) • Oct 23, 2018

Moderate severity vulnerability that affects is-my-json-valid
Moderate • GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) • Jul 31, 2018 • withdrawn

Missing Origin Validation in webpack-dev-server
High • CVE-2018-14732 was published for webpack-dev-server (npm) • Jan 4, 2019

Downloads Resources over HTTP in grunt-ccompiler
High • CVE-2016-10636 was published for grunt-ccompiler (npm) • Feb 18, 2019

SQL Injection in waterline-sequel
High • CVE-2016-10551 was published for waterline-sequel (npm) • Feb 18, 2019

Downloads Resources over HTTP in haxe-dev
High • CVE-2016-10637 was published for haxe-dev (npm) • Feb 18, 2019

Arbitrary Code Injection in pouchdb
Critical • CVE-2016-10546 was published for pouchdb (npm) • Jul 26, 2018

High severity vulnerability that affects gun
High • GHSA-886v-mm6p-4m66 was published for gun (npm) • Jun 5, 2019

Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate • CVE-2016-6805 was published for org.apache.ignite:ignite-core (Maven) • Oct 16, 2018

ProTip! Advisories are also available from the GraphQL API.