Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
paranoid2 gem Code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
Deserialization of Untrusted Data in jackson-databind Critical
CVE-2018-11307 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jul 16, 2019
sunSUNQ
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Improper Restriction of XML External Entity Reference in ladon Critical
CVE-2019-1010268 was published for ladon (pip) Jul 26, 2019
SQL Injection in marginalia Critical
CVE-2019-1010191 was published for marginalia (RubyGems) Jul 26, 2019
aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
Deserialization of Untrusted Data in EthereumJ Critical
CVE-2018-15890 was published for org.ethereum:ethereumj-core (Maven) Jul 26, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
datagrid contains code Injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Deserialization of Untrusted Data in Apache Storm Critical
CVE-2018-11779 was published for org.apache.storm:storm-kafka (Maven) Aug 1, 2019
Deserialization of untrusted data in FasterXML jackson-databind Critical
CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
SQL Injection in Django Critical
CVE-2019-14234 was published for Django (pip) Aug 16, 2019
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
Undirectional routing wasn't respected in some cases in Mitogen Critical
CVE-2019-15149 was published for mitogen (pip) Aug 19, 2019 withdrawn
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Prototype Pollution in mixin-deep Critical
CVE-2019-10746 was published for mixin-deep (npm) Aug 27, 2019
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database