GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111,584 advisories

gruntcli is malware High
CVE-2017-16058 was published for gruntcli (npm) Nov 9, 2018
Directory Traversal in hostr High
CVE-2017-16029 was published for hostr (npm) Nov 9, 2018
Insufficient Error Handling in http-proxy High
CVE-2017-16014 was published for http-proxy (npm) Nov 9, 2018
XSS in Data URI in remarkable High
CVE-2017-16006 was published for remarkable (npm) Nov 9, 2018
windows-build-tools downloads Resources over HTTP High
CVE-2017-16003 was published for windows-build-tools (npm) Nov 9, 2018
sqlserver is malware High
CVE-2017-16055 was published for sqlserver (npm) Nov 9, 2018
Header Forgery in http-signature High
CVE-2017-16005 was published for http-signature (npm) Nov 9, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Rack vulnerable to Denial of Service High
CVE-2018-16470 was published for rack (RubyGems) Nov 15, 2018
Improper Certificate Validation in proton-j High
CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) Nov 21, 2018
MarkLee131
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Py-EVM is vulnerable to arbitrary bytecode injection High
CVE-2018-18920 was published for py-evm (pip) Nov 21, 2018
Improper Authentication in hive:hive-exec High
CVE-2018-11777 was published for org.apache.hive:hive-exec (Maven) Nov 21, 2018
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker High
CVE-2018-15795 was published for org.springframework.credhub:spring-credhub-core (Maven) Nov 29, 2018
Session Fixation in Tryton High
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
OS Command Injection in craftercms:crafter-studio High
CVE-2018-19907 was published for org.craftercms:crafter-studio (Maven) Dec 19, 2018
Improper Restriction of XML External Entity Reference in bedework:bw-webdav High
CVE-2018-20000 was published for org.bedework:bw-webdav (Maven) Dec 19, 2018
SunBK201
XXL-CONF Path Traversal vulnerability High
CVE-2018-20094 was published for com.xuxueli:xxl-conf-admin (Maven) Dec 19, 2018
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Cross-Site Request Forgery (CSRF) in Luigi High
CVE-2018-1000843 was published for luigi (pip) Dec 20, 2018
aiohttp-session creates non-expiring sessions High
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability High
CVE-2018-17194 was published for org.apache.nifi:nifi-framework-cluster (Maven) Dec 20, 2018
MarkLee131
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
ProTip! Advisories are also available from the GraphQL API