Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,014 advisories

Loading
python-gnupg's shell_quote function does not properly escape characters High
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Improper Input Validation in kdcproxy High
CVE-2015-5159 was published for kdcproxy (pip) Nov 1, 2018
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks High
CVE-2015-5175 was published for org.apache.cxf.fediz:fediz-core (Maven) Oct 18, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 High
CVE-2018-8038 was published for org.apache.cxf.fediz:fediz-jetty8 (Maven) Oct 18, 2018
Files or Directories Accessible to External Parties in org.springframework:spring-core High
CVE-2015-5211 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ
Improper certificate validation in org.apache.httpcomponents:httpclient High
CVE-2012-6153 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
ASP.NET Core fails to properly validate web requests High
CVE-2017-0247 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
High severity vulnerability that affects Microsoft.AspNetCore.Mvc High
CVE-2017-0249 was published for DisCatSharp (NuGet) Oct 16, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-8030 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 16, 2018
MarkLee131
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used High
CVE-2017-9804 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
G-Rath sunSUNQ
The REST Plugin in Apache Struts is using an outdated XStream library High
CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
DNN (aka DotNetNuke) has Remote Code Execution via a cookie High
CVE-2017-9822 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
Mosca REDoS Vulnerability High
CVE-2018-11615 was published for mosca (npm) Aug 31, 2018
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607
PyCA Cryptography vulnerable to GCM tag forgery High
CVE-2018-10903 was published for cryptography (pip) Jul 31, 2018
Prototype Pollution in mixin-deep High
CVE-2018-3719 was published for mixin-deep (npm) Jul 26, 2018
Improper query string handling in Django High
CVE-2010-4534 was published for Django (pip) Jul 23, 2018
MarkLee131
Plone Denial of Service vulnerability High
CVE-2011-4462 was published for Plone (pip) Jul 23, 2018
feedparser denial of service vulnerability High
CVE-2011-1156 was published for feedparser (pip) Jul 23, 2018
cfscrape Improper Input Validation vulnerability High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
FedMsg not properly completing message validation High
CVE-2017-1000001 was published for FedMsg (pip) Jul 13, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database