GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+
111,575 advisories
Filter by severity
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
High
CVE-2018-0765
was published
for
System.Security.Cryptography.Xml
(NuGet)
Oct 16, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
DoS due to excessively large websocket message in ws
High
CVE-2016-10542
was published
for
ws
(npm)
Feb 18, 2019
High severity vulnerability that affects rubyzip
High
GHSA-3q5q-f79q-7hr2
was published
for
rubyzip
(RubyGems)
Jul 31, 2018
•
withdrawn
Downloads Resources over HTTP in windows-seleniumjar-mirror
High
CVE-2016-10670
was published
for
windows-seleniumjar-mirror
(npm)
Feb 18, 2019
Downloads Resources over HTTP in fibjs
High
CVE-2016-10621
was published
for
fibjs
(npm)
Feb 18, 2019
Default Express middleware security check is ignored in production
High
GHSA-4j6x-w426-6rc6
was published
for
@cubejs-backend/api-gateway
(npm)
Nov 8, 2019
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Potential for Script Injection in syntax-error
High
CVE-2014-7192
was published
for
syntax-error
(npm)
Oct 24, 2017
Downloads Resources over HTTP in tomita-parser
High
CVE-2016-10666
was published
for
tomita-parser
(npm)
Feb 18, 2019
Downloads Resources over HTTP in httpsync
High
CVE-2016-10614
was published
for
httpsync
(npm)
Feb 18, 2019
In blynk-server a Directory Traversal exists
High
CVE-2018-17785
was published
for
com.github.blynkkk:blynk-server
(Maven)
Oct 17, 2018
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
Downloads Resources over HTTP in baryton-saxophone
High
CVE-2016-10573
was published
for
baryton-saxophone
(npm)
Feb 18, 2019
Downloads Resources over HTTP in webrtc-native
High
CVE-2016-10600
was published
for
webrtc-native
(npm)
Feb 18, 2019
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0639
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Path Traversal in http-live-simulator
High
CVE-2018-16479
was published
for
http-live-simulator
(npm)
Feb 7, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
High
CVE-2018-12086
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Downloads Resources over HTTP in mongodb-instance
High
CVE-2016-10572
was published
for
mongodb-instance
(npm)
Feb 18, 2019
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Downloads Resources over HTTP in operadriver
High
CVE-2016-10565
was published
for
operadriver
(npm)
Feb 18, 2019
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
High
CVE-2016-1000344
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
Downloads Resources over HTTP in curses
High
CVE-2016-10615
was published
for
curses
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API