Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,564 advisories

Loading
High severity vulnerability that affects activerecord High
GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) Aug 21, 2018 withdrawn
The REST Plugin in Apache Struts is using an outdated XStream library High
CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Downloads Resources over HTTP in mystem-wrapper High
CVE-2016-10671 was published for mystem-wrapper (npm) Feb 18, 2019
Downloads Resources over HTTP in phantomjs-cheniu High
CVE-2016-10661 was published for phantomjs-cheniu (npm) Feb 18, 2019
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Context isolation bypass via contextBridge in Electron High
CVE-2020-4077 was published for electron (npm) Jul 7, 2020
Path Traversal in socket.io-file High
CVE-2020-15779 was published for socket.io-file (npm) Jul 7, 2020
Downloads Resources over HTTP in webdrvr High
CVE-2016-10601 was published for webdrvr (npm) Feb 18, 2019
Downloads Resources over HTTP in pennyworth High
CVE-2016-10619 was published for pennyworth (npm) Feb 18, 2019
Downloads Resources over HTTP in galenframework-cli High
CVE-2016-10560 was published for galenframework-cli (npm) Feb 18, 2019
SQL Injection in sequelize High
CVE-2015-1369 was published for sequelize (npm) Oct 24, 2017
Path Traversal in cordova-plugin-ionic-webview High
CVE-2018-16202 was published for cordova-plugin-ionic-webview (npm) Feb 12, 2019
High severity vulnerability that affects uglify-js High
GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) Oct 9, 2018 withdrawn
High severity vulnerability that affects espeak-ruby High
GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) Aug 21, 2018 withdrawn
Regular expression denial of service in url-regex High
CVE-2020-7661 was published for url-regex (npm) Jun 22, 2020
Improper Privilege Management in Apache Karaf High
CVE-2018-11786 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2018
Stored XSS in TimelineJS3 High
CVE-2020-15092 was published for @knight-lab/timelinejs (npm) Jul 9, 2020
captainGeech42 JoeGermuska
Directory Traversal vulnerability in Square Retrofit High
CVE-2018-1000850 was published for com.squareup.retrofit2:retrofit (Maven) Dec 21, 2018
Android SVG vulnerable to XML External Entity (XXE) High
CVE-2017-1000498 was published for com.caverock:androidsvg (Maven) Oct 19, 2018
Denial of service due to reference expansion in versions earlier than 4.0 High
GHSA-mm44-wc5p-wqhq was published for com.upokecenter:cbor (Maven) Jul 7, 2020
Cross-Site Scripting in @progress/kendo-angular-editor High
GHSA-j7wp-vjj6-cp5m was published for @progress/kendo-angular-editor (npm) Aug 11, 2020
Cross-Site Scripting (XSS) in pivottable High
CVE-2016-1000241 was published for pivottable (npm) Sep 1, 2020
Cross-Site Scripting in bootstrap-tagsinput High
CVE-2016-1000227 was published for bootstrap-tagsinput (npm) Sep 1, 2020
Cross-Site Scripting in jqtree High
CVE-2016-1000234 was published for jqtree (npm) Sep 1, 2020
Access and integrity issue within Eclipse Jetty High
CVE-2018-12538 was published for org.eclipse.jetty:jetty-server (Maven) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database