GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111,583 advisories

Forgeable Public/Private Tokens in jws High
CVE-2016-1000223 was published for jws (npm) Sep 1, 2020
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Denial of Service in mqtt High
CVE-2016-1000242 was published for mqtt (npm) Sep 1, 2020
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
Path Traversal in minsoft:ms-mcms High
CVE-2018-18831 was published for net.mingsoft:ms-mcms (Maven) Nov 1, 2018
Cross-Site Scripting in react-marked-markdown High
GHSA-m7qm-r2r5-f77q was published for react-marked-markdown (npm) Sep 1, 2020
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons High
CVE-2018-20595 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Cross-Site Scripting in mrk.js High
GHSA-hpr5-wp7c-hh5q was published for mrk.js (npm) Sep 1, 2020
Apache juddi-client vulnerable to XML External Entity (XXE) High
CVE-2018-1307 was published for org.apache.juddi:juddi-client (Maven) Oct 19, 2018
Cross-Site Scripting in semantic-ui-search High
GHSA-p9vv-3945-x93h was published for semantic-ui-search (npm) Sep 2, 2020
Arbitrary Command Execution in Hadoop High
CVE-2018-11766 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker High
CVE-2018-15795 was published for org.springframework.credhub:spring-credhub-core (Maven) Nov 29, 2018
Stack Overflow in Apache Mesos High
CVE-2018-11793 was published for org.apache.mesos:mesos (Maven) Mar 6, 2019
Deserialization of Untrusted Data in swagger-codegen High
CVE-2017-1000207 was published for io.swagger:swagger-codegen (Maven) Oct 19, 2018
Sensitive Data Exposure in rails-session-decoder High
GHSA-44vf-8ffm-v2qh was published for rails-session-decoder (npm) Sep 2, 2020
Command Injection in cocos-utils High
GHSA-rffp-mc78-wjf7 was published for cocos-utils (npm) Sep 2, 2020
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Remote Code Execution in pi_video_recording High
GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) Sep 2, 2020
Cross-Site Scripting in cmmn-js-properties-panel High
GHSA-vmh4-322v-cfpc was published for cmmn-js-properties-panel (npm) Sep 3, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Prototype Pollution in lodash.defaultsdeep High
GHSA-h5mp-5q4p-ggf5 was published for lodash.defaultsdeep (npm) Sep 3, 2020
Cross-Site Scripting in bpmn-js-properties-panel High
GHSA-vpj4-89q8-rh38 was published for bpmn-js-properties-panel (npm) Sep 3, 2020
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020