
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,560 advisories

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET Moderate
CVE-2020-5268 was published for Sustainsys.Saml2 (NuGet) Apr 22, 2020
SQL injection in Tortoise ORM Moderate
CVE-2020-11010 was published for tortoise-orm (pip) Apr 20, 2020
Machine-In-The-Middle in https-proxy-agent Moderate
GHSA-pc5p-h8pf-mvwp was published for https-proxy-agent (npm) Apr 16, 2020
Cross-Site Scripting in sanitize-html Moderate
CVE-2016-1000237 was published for sanitize-html (npm) Apr 16, 2020
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Improper Restriction of Rendered UI Layers or Frames in Keycloak Moderate
CVE-2020-1728 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
XSS in Keycloak Moderate
CVE-2020-1697 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-14820 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
XSS injection in the Grid component of Sylius Moderate
CVE-2019-12186 was published for sylius/grid (Composer) Apr 15, 2020
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library. Moderate
CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet) Apr 14, 2020
Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
confinit vulnerable to prototype pollution Moderate
CVE-2020-7638 was published for confinit (npm) Apr 7, 2020
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
Prototype Pollution in minimist Moderate
CVE-2020-7598 was published for minimist (npm) Apr 3, 2020
ayatweb
XSS in MITREid Connect Moderate
CVE-2020-5497 was published for org.mitre:openid-connect-server (Maven) Apr 1, 2020
XSS in knockout Moderate
CVE-2019-14862 was published for knockout (npm) Apr 1, 2020
Path Traversal in statics-server Moderate
CVE-2019-15596 was published for statics-server (npm) Mar 31, 2020
Directory Traversal in Next.js Moderate
CVE-2020-5284 was published for next (npm) Mar 30, 2020
Exceptions displayed in non-debug configurations in Symfony Moderate
CVE-2020-5274 was published for symfony/error-handler (Composer) Mar 30, 2020
yceruto jderusse
LukaSikic
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian G-Rath
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag Moderate
CVE-2020-6816 was published for bleach (pip) Mar 24, 2020
Cross site scripting vulnerability in ActionView Moderate
CVE-2020-5267 was published for actionview (RubyGems) Mar 19, 2020
jessecampos
2FA bypass through deleting devices in wagtail-2fa Moderate
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Moderate
GHSA-7fhm-mqm4-2wp7 was published for acorn (npm) Mar 13, 2020 withdrawn