GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
301,774 advisories

High severity vulnerability that affects activerecord
High • GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) • Aug 21, 2018 • withdrawn

Directory traversal in Apache RocketMQ
Moderate • CVE-2019-17572 was published for org.apache.rocketmq:rocketmq-broker (Maven) • Jul 1, 2020

Cross-site Scripting in October
Low • CVE-2020-4061 was published for october/backend (Composer) • Jul 2, 2020

Moderate severity vulnerability that affects handlebars
Moderate • GHSA-fmr4-7g9q-7hc7 was published for handlebars (npm) • Oct 24, 2017 • withdrawn

Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core
Moderate • GHSA-r53m-pfr5-7v87 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) • Apr 18, 2019 • withdrawn

The REST Plugin in Apache Struts is using an outdated XStream library
High • CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) • Oct 16, 2018

Downloads Resources over HTTP in phantomjs-cheniu
High • CVE-2016-10661 was published for phantomjs-cheniu (npm) • Feb 18, 2019

Context isolation bypass via contextBridge in Electron
High • CVE-2020-4077 was published for electron (npm) • Jul 7, 2020

Path Traversal in socket.io-file
High • CVE-2020-15779 was published for socket.io-file (npm) • Jul 7, 2020

Critical severity vulnerability that affects Haraka
Critical • CVE-2016-1000282 was published for Haraka (npm) • Feb 12, 2019

Downloads Resources over HTTP in mystem-wrapper
High • CVE-2016-10671 was published for mystem-wrapper (npm) • Feb 18, 2019

Downloads Resources over HTTP in galenframework-cli
High • CVE-2016-10560 was published for galenframework-cli (npm) • Feb 18, 2019

Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate • CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) • Dec 20, 2018

Downloads Resources over HTTP in pennyworth
High • CVE-2016-10619 was published for pennyworth (npm) • Feb 18, 2019

Downloads Resources over HTTP in webdrvr
High • CVE-2016-10601 was published for webdrvr (npm) • Feb 18, 2019

High severity vulnerability that affects uglify-js
High • GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) • Oct 9, 2018 • withdrawn

Regular expression denial of service in url-regex
High • CVE-2020-7661 was published for url-regex (npm) • Jun 22, 2020

Critical severity vulnerability that affects dns-sync
Critical • GHSA-wxvm-fh75-mpgr was published for dns-sync (npm) • Jul 26, 2018 • withdrawn

High severity vulnerability that affects espeak-ruby
High • GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) • Aug 21, 2018 • withdrawn

Path Traversal in cordova-plugin-ionic-webview
High • CVE-2018-16202 was published for cordova-plugin-ionic-webview (npm) • Feb 12, 2019

Deserialization Code Execution in js-yaml
Critical • CVE-2013-4660 was published for js-yaml (npm) • Oct 24, 2017

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical • CVE-2018-9206 was published for blueimp-file-upload (npm) • Oct 22, 2018

Cross-site Scripting in jspwiki-war
Moderate • CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) • Feb 12, 2019

ProTip! Advisories are also available from the GraphQL API.