GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111,575 advisories

Downloads Resources over HTTP in soci High
CVE-2016-10669 was published for soci (npm) Feb 18, 2019
ReDoS via long UserAgent header in ua-parser High
CVE-2017-16086 was published for ua-parser (npm) Jul 24, 2018
Command Injection in fs-path High
GHSA-gc94-6w89-hpqr was published for fs-path (npm) Jun 12, 2019
Mooninaut
Downloads Resources over HTTP in jvminstall High
CVE-2016-10631 was published for jvminstall (npm) Feb 18, 2019
Downloads Resources over HTTP in unicode High
CVE-2016-10578 was published for unicode (npm) Feb 18, 2019
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal High
CVE-2018-17297 was published for cn.hutool:hutool-all (Maven) Oct 17, 2018
The Bouncy Castle JCE Provider carry a propagation bug High
CVE-2016-1000340 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Downloads Resources over HTTP in wasdk High
CVE-2016-10587 was published for wasdk (npm) Feb 18, 2019
Downloads Resources over HTTP in native-opencv High
CVE-2016-10658 was published for native-opencv (npm) Feb 18, 2019
Downloads Resources over HTTP in jstestdriver High
CVE-2016-10643 was published for jstestdriver (npm) Aug 15, 2018
Downloads Resources over HTTP in imageoptim High
CVE-2016-10596 was published for imageoptim (npm) Feb 18, 2019
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
Cross-Site Scripting in mustache High
CVE-2015-8862 was published for mustache (npm) Oct 24, 2017
Downloads Resources over HTTP in windows-iedriver High
CVE-2016-10689 was published for windows-iedriver (npm) Feb 18, 2019
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Downloads Resources over HTTP in install-g-test High
CVE-2016-10630 was published for install-g-test (npm) Feb 18, 2019
Directory Traversal in serve High
CVE-2019-5417 was published for serve (npm) Mar 25, 2019
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
Downloads Resources over HTTP in limbus-buildgen High
CVE-2016-10674 was published for limbus-buildgen (npm) Feb 18, 2019
High severity vulnerability that affects actionpack High
GHSA-hx46-vwmx-wx95 was published for actionpack (RubyGems) Aug 13, 2018 withdrawn
Buffer Overflow in centra High
GHSA-v6cj-r88p-92rm was published for centra (npm) Sep 30, 2019
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API