GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

301,580 advisories

Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0771 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects DotNetNuke.Core High
CVE-2017-0929 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Sensitive Data Exposure in parse-server Moderate
CVE-2019-1020013 was published for parse-server (npm) Jul 11, 2019
Credited to fastrde and acinader
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-12161 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Moderate severity vulnerability that affects rack-mini-profiler Moderate
GHSA-995j-587r-259w was published for rack-mini-profiler (RubyGems) Aug 13, 2018 withdrawn
SQL Injection in sequelize High
CVE-2016-10550 was published for sequelize (npm) Feb 18, 2019
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack High
CVE-2018-11796 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Timing Attack in csrf-lite High
CVE-2016-10535 was published for csrf-lite (npm) Feb 18, 2019
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle Moderate
CVE-2019-9658 was published for com.puppycrawl.tools:checkstyle (Maven) Mar 14, 2019
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
SQL Injection in query-mysql High
CVE-2018-3754 was published for query-mysql (npm) Sep 10, 2018
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf Moderate
CVE-2016-8750 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
VBScript Content Injection in marked Moderate
CVE-2015-1370 was published for marked (npm) Oct 24, 2017
Downloads Resources over HTTP in haxeshim High
CVE-2016-10692 was published for haxeshim (npm) Jul 31, 2018
Downloads Resources over HTTP in prince High
CVE-2016-10591 was published for prince (npm) Feb 18, 2019
Moderate severity vulnerability that affects marked Moderate
CVE-2017-17461 was published for marked (npm) Jan 4, 2018 withdrawn
Directory Traversal in bitty Moderate
CVE-2016-10561 was published for bitty (npm) Feb 18, 2019
Downloads Resources over HTTP in geoip-lite-country High
CVE-2016-10568 was published for geoip-lite-country (npm) Feb 18, 2019
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Cross-Site Scripting in buttle High
CVE-2019-5422 was published for buttle (npm) Apr 8, 2019
Downloads Resources over HTTP in haxe High
CVE-2016-10602 was published for haxe (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API