Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Segfault in Tensorflow High
CVE-2020-15200 was published for tensorflow (pip) Sep 25, 2020
Denial of Service in Tensorflow High
CVE-2020-15199 was published for tensorflow (pip) Sep 25, 2020
Remote Code Execution in next High
GHSA-5vj8-3v2h-h38v was published for next (npm) Sep 4, 2020
medikoo
Remote Code Execution in pi_video_recording High
GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) Sep 2, 2020
Remote Code Execution in office-converter High
GHSA-9p64-h5q4-phpm was published for office-converter (npm) Sep 2, 2020
Remote Code Execution in pomelo-monitor High
GHSA-m5ch-gx8g-rg73 was published for pomelo-monitor (npm) Sep 2, 2020
Moped Rubygem Data Injection Vulnerability High
CVE-2015-4410 was published for moped (RubyGems) Aug 19, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Improper Input Validation in sails-hook-sockets High
CVE-2018-21036 was published for sails-hook-sockets (npm) Jul 24, 2020
Denial of service in XStream High
CVE-2017-7957 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Information Exposure in Netty High
CVE-2015-2156 was published for io.netty:netty (Maven) Jun 30, 2020
westonsteimel
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names High
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Arbitrary code execution in Apache Commons BeanUtils High
CVE-2014-0114 was published for commons-beanutils:commons-beanutils (Maven) Jun 10, 2020
SunBK201
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager High
CVE-2020-10204 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Argument injection in a MimeTypeGuesser in Symfony High
CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019
Prototype Pollution in angular High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Regular Expression Denial of Service in csv-parse High
CVE-2019-17592 was published for csv-parse (npm) Oct 15, 2019
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database