Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,794 advisories

Loading
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
Spoofing attack due to unvalidated KDC in node-krb5 Moderate
CVE-2016-1000238 was published for node-krb5 (npm) Sep 1, 2020
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-1000226 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Cross-Site Scripting in mrk.js High
GHSA-hpr5-wp7c-hh5q was published for mrk.js (npm) Sep 1, 2020
Malicious Package in blingjs Critical
GHSA-hfc6-79wv-5hpw was published for blingjs (npm) Sep 1, 2020
Malicious Package in nginxbeautifier Critical
GHSA-28xx-8j99-m32j was published for nginxbeautifier (npm) Sep 1, 2020
Cross-Site Scripting in react-marked-markdown High
GHSA-m7qm-r2r5-f77q was published for react-marked-markdown (npm) Sep 1, 2020
Silently Runs Cryptocoin Miner in hooka-tools Low
GHSA-m36m-x4c5-rjxj was published for hooka-tools (npm) Sep 1, 2020
Malicious Package in angular-material-sidenav-rnd Critical
GHSA-qmxf-fxq7-w59f was published for angular-material-sidenav-rnd (npm) Sep 1, 2020
Remote Memory Exposure in openwhisk Moderate
GHSA-53mj-mc38-q894 was published for openwhisk (npm) Sep 1, 2020
Malicious Package in cordova-plugin-china-picker Critical
GHSA-x9gm-qxhh-rf75 was published for cordova-plugin-china-picker (npm) Sep 1, 2020
XML External Entity (XXE) vulnerability in Square Retrofit Critical
CVE-2018-1000844 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Arbitrary Command Execution in Hadoop High
CVE-2018-11766 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Undertow-core vulnerable to HTTP Request Smuggling Moderate
CVE-2017-2666 was published for io.undertow:undertow-core (Maven) Oct 19, 2018
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Server-Side Request Forgery (SSRF) in jackson-databind Critical
CVE-2018-14721 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jan 4, 2019
Improper Control of Interaction Frequency in Apache syncope-core Moderate
CVE-2018-17184 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
Malicious Package in axois Critical
GHSA-wpfc-3w63-g4hm was published for axois (npm) Sep 1, 2020
Prototype Pollution in merge-objects Low
GHSA-992f-wf4w-x36v was published for merge-objects (npm) Sep 1, 2020
Deserialization of Untrusted Data in swagger-codegen High
CVE-2017-1000207 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database