GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
111,583 advisories

High severity vulnerability that affects colorscore
High | GHSA-9wcm-rrvh-qjc8 was published for colorscore (RubyGems) Aug 15, 2018 • withdrawn

High severity vulnerability that affects festivaltts4r
High | GHSA-9wv8-jgw4-4g28 was published for festivaltts4r (RubyGems) Aug 15, 2018 • withdrawn

redcarpet Buffer Overflow vulnerability
High | CVE-2015-5147 was published for redcarpet (RubyGems) Aug 15, 2018

fis-sass-all downloads Resources over HTTP
High | CVE-2016-10686 was published for fis-sass-all (npm) Aug 17, 2018

Downloads Resources over HTTP in haxe3
High | CVE-2016-10688 was published for haxe3 (npm) Aug 17, 2018

Pyro mishandles pid files in temporary directory locations and opening the pid file as root
High | CVE-2011-2765 was published for pyro (pip) Aug 21, 2018

Phusion Passenger uses a known /tmp filename
High | CVE-2016-10345 was published for passenger (RubyGems) Aug 21, 2018

Ruby-saml allows attackers to perform XML signature wrapping attacks
High | CVE-2016-5697 was published for ruby-saml (RubyGems) Aug 21, 2018

High severity vulnerability that affects espeak-ruby
High | GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) Aug 21, 2018 • withdrawn

Nokogiri subject to DoS via libxml2 vulnerability
High | CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018

High severity vulnerability that affects activerecord
High | GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) Aug 21, 2018 • withdrawn

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High | CVE-2018-1000656 was published for flask (pip) Aug 23, 2018

Electron webPreferences vulnerability can be used to perform remote code execution
High | CVE-2018-15685 was published for electron (npm) Aug 23, 2018

PyCryptodome integer overflow vulnerability
High | CVE-2018-15560 was published for pycryptodome (pip) Aug 27, 2018

Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High | CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018

Regular Expression Denial of Service in timespan
High | CVE-2017-16115 was published for timespan (npm) Aug 29, 2018

ProTip! Advisories are also available from the GraphQL API.