GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

301,639 advisories

Moderate severity vulnerability that affects rails-html-sanitizer Moderate
GHSA-mrhj-2g4v-39qx was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 withdrawn
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Downloads Resources over HTTP in jstestdriver High
CVE-2016-10643 was published for jstestdriver (npm) Aug 15, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-1000500 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018 withdrawn
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Downloads Resources over HTTP in windows-iedriver High
CVE-2016-10689 was published for windows-iedriver (npm) Feb 18, 2019
Cross-Site Scripting in mustache High
CVE-2015-8862 was published for mustache (npm) Oct 24, 2017
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
Downloads Resources over HTTP in install-g-test High
CVE-2016-10630 was published for install-g-test (npm) Feb 18, 2019
The installation wizard in DotNetNuke (DNN) allows privilege escalation Critical
CVE-2015-2794 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Directory Traversal in serve High
CVE-2019-5417 was published for serve (npm) Mar 25, 2019
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Buffer Overflow in centra High
GHSA-v6cj-r88p-92rm was published for centra (npm) Sep 30, 2019
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
Downloads Resources over HTTP in limbus-buildgen High
CVE-2016-10674 was published for limbus-buildgen (npm) Feb 18, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core Critical
CVE-2019-0192 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
High severity vulnerability that affects actionpack High
GHSA-hx46-vwmx-wx95 was published for actionpack (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects org.b3log:symphony Moderate
CVE-2019-9142 was published for org.b3log:symphony (Maven) Mar 6, 2019
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
Moderate severity vulnerability that affects doorkeeper Moderate
GHSA-5p9f-55j8-922m was published for doorkeeper (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2016-6815 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects actionpack Moderate
GHSA-vwfg-qj3r-6v3r was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
ProTip! Advisories are also available from the GraphQL API