GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,350 advisories

Regular Expression Denial of Service in minimatch High
CVE-2016-10540 was published for minimatch (npm) Oct 9, 2018
High severity vulnerability that affects uglify-js High
GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) Oct 9, 2018 withdrawn
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized High
CVE-2016-9878 was published for org.springframework:spring-webmvc (Maven) Oct 4, 2018
Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI High
CVE-2016-9177 was published for com.sparkjava:spark-core (Maven) Oct 4, 2018
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
node-opensl is malware High
CVE-2017-16063 was published for node-opensl (npm) Oct 3, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink High
CVE-2018-17567 was published for jekyll (RubyGems) Sep 28, 2018
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
apk-parser2 downloads Resources over HTTP High
CVE-2016-10632 was published for apk-parser2 (npm) Sep 18, 2018
Path Traversal in buttle High
CVE-2018-3766 was published for buttle (npm) Sep 18, 2018
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
websockets is vulnerable to denial of service by memory exhaustion High
CVE-2018-1000518 was published for websockets (pip) Sep 17, 2018
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018
noderequest is malware High
CVE-2017-16073 was published for noderequest (npm) Sep 17, 2018
Topydo Improper Input Validation vulnerability High
CVE-2018-1000523 was published for topydo (pip) Sep 13, 2018
aiohttp-session Session Fixation vulnerability High
CVE-2018-1000519 was published for aiohttp-session (pip) Sep 13, 2018
SQL Injection in query-mysql High
CVE-2018-3754 was published for query-mysql (npm) Sep 10, 2018
simplehttpserver allows directory traversal and file listing High
CVE-2018-3787 was published for simplehttpserver (npm) Sep 6, 2018
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Mosca REDoS Vulnerability High
CVE-2018-11615 was published for mosca (npm) Aug 31, 2018
babelcli is malware High
CVE-2017-16060 was published for babelcli (npm) Aug 29, 2018
ffmepg is malware High
CVE-2017-16068 was published for ffmepg (npm) Aug 29, 2018
node-opencv is malware High
CVE-2017-16067 was published for node-opencv (npm) Aug 29, 2018