GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
137,129 advisories
Filter by severity
Cross-Site Scripting in handlebars
Moderate
CVE-2015-8861
was published
for
handlebars
(npm)
Oct 23, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2016-1000339
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects is-my-json-valid
Moderate
GHSA-ccq6-3qx5-vmqx
was published
for
is-my-json-valid
(npm)
Jul 31, 2018
•
withdrawn
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Moderate
CVE-2016-6805
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects rack-mini-profiler
Moderate
GHSA-995j-587r-259w
was published
for
rack-mini-profiler
(RubyGems)
Aug 13, 2018
•
withdrawn
Sensitive Data Exposure in parse-server
Moderate
CVE-2019-1020013
was published
for
parse-server
(npm)
Jul 11, 2019
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-3166
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2017-12161
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Moderate
CVE-2019-9658
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf
Moderate
CVE-2016-8750
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
VBScript Content Injection in marked
Moderate
CVE-2015-1370
was published
for
marked
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects marked
Moderate
CVE-2017-17461
was published
for
marked
(npm)
Jan 4, 2018
•
withdrawn
Cross-Site Scripting in morris.js
Moderate
CVE-2017-16022
was published
for
morris.js
(npm)
Nov 9, 2018
OPC UA applications can allow a remote attacker to determine a Server's private key
Moderate
CVE-2018-7559
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Cross-Site Scripting in serialize-javascript
Moderate
CVE-2019-16769
was published
for
serialize-javascript
(npm)
Dec 5, 2019
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Moderate
CVE-2019-0191
was published
for
org.apache.karaf:apache-karaf
(Maven)
Mar 25, 2019
Hijacked Environment Variables in proxy.js
Moderate
CVE-2017-16076
was published
for
proxy.js
(npm)
Aug 29, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2016-1000345
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects rack
Moderate
GHSA-9vc2-p34x-jhxh
was published
for
rack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects DotNetNuke.Core
Moderate
CVE-2015-1566
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
ProTip!
Advisories are also available from the
GraphQL API