GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

301,767 advisories

Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
Improper Privilege Management in Apache Karaf High
CVE-2018-11786 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2018
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor Critical
CVE-2018-16115 was published for com.typesafe.akka:akka-actor_2.11 (Maven) Oct 22, 2018
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
Denial of service due to reference expansion in versions earlier than 4.0 High
GHSA-mm44-wc5p-wqhq was published for com.upokecenter:cbor (Maven) Jul 7, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Stored XSS in TimelineJS3 High
CVE-2020-15092 was published for @knight-lab/timelinejs (npm) Jul 9, 2020
Credited to captainGeech42 and JoeGermuska
XSS in Mapfish Print relating to JSONP support Low
CVE-2020-15231 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
Storing Password in Local Storage Moderate
GHSA-wvh7-5p38-2qfc was published for parse (npm) Jul 23, 2020
Credited to dplewis and pocketcolin
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Privilege escalation in mysql-connector-java Moderate
CVE-2019-2692 was published for mysql:mysql-connector-java (Maven) Jul 1, 2020
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
Cross-Site Scripting in @progress/kendo-angular-editor High
GHSA-j7wp-vjj6-cp5m was published for @progress/kendo-angular-editor (npm) Aug 11, 2020
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
False-positive validity for NFT1 genesis transactions in SLPJS Critical
CVE-2020-15130 was published for slpjs (npm) Jul 30, 2020
Incorrect access control in typo3_forum Moderate
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-5682 was published for swagger-ui (npm) Sep 1, 2020
Downloads Resources over HTTP in cue-sdk-node High
CVE-2016-10590 was published for cue-sdk-node (npm) Feb 18, 2019
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
Open Redirect in serve-static Low
CVE-2015-1164 was published for serve-static (npm) Aug 31, 2020
DOM-based XSS in auth0-lock Low
CVE-2020-15119 was published for auth0-lock (npm) Aug 19, 2020
Credited to mvisat