GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
111,581 advisories
Regular Expression Denial of Service in marked
High | CVE-2017-16114 was published for marked (npm) on Jul 24, 2018

Regular Expression Denial of Service in parsejson
High | CVE-2017-16113 was published for parsejson (npm) on Jul 24, 2018

Regular Expression Denial of Service in tough-cookie
High | CVE-2017-15010 was published for tough-cookie (npm) on Jul 24, 2018

Pillow buffer overflow in ImagingPcdDecode
High | CVE-2016-2533 was published for pillow (pip) on Jul 24, 2018

Pillow Buffer overflow in ImagingFliDecode
High | CVE-2016-0775 was published for Pillow (pip) on Jul 24, 2018

Regular Expression Denial of Service in string package
High | CVE-2017-16116 was published for string (npm) on Jul 24, 2018

Regular Expression Denial of Service in forwarded
High | CVE-2017-16118 was published for forwarded (npm) on Jul 24, 2018

Regular Expression Denial of Service in fresh
High | CVE-2017-16119 was published for fresh (npm) on Jul 24, 2018

Path Traversal in localhost-now
High | CVE-2018-3729 was published for localhost-now (npm) on Jul 25, 2018

Prototype Pollution in mixin-deep
High | CVE-2018-3719 was published for mixin-deep (npm) on Jul 26, 2018

Prototype Pollution in assign-deep
High | CVE-2018-3720 was published for assign-deep (npm) on Jul 26, 2018

Prototype Pollution in merge-deep
High | CVE-2018-3722 was published for merge-deep (npm) on Jul 26, 2018

Prototype Pollution in defaults-deep
High | CVE-2018-3723 was published for defaults-deep (npm) on Jul 26, 2018

Path Traversal in general-file-server
High | CVE-2018-3724 was published for general-file-server (npm) on Jul 26, 2018

Authentication Bypass in passport-azure-ad
High | CVE-2016-7191 was published for passport-azure-ad (npm) on Jul 26, 2018

Downloads Resources over HTTP in mystem-fix
High | CVE-2016-10698 was published for mystem-fix (npm) on Jul 27, 2018

High severity vulnerability that affects jquery-ui
High | GHSA-g8q2-24jh-5hpc was published for jQuery.UI.Combined (RubyGems) on Jul 27, 2018 | withdrawn

Path Traversal in superstatic
High | GHSA-wm77-q74p-5763 was published for superstatic (npm) on Jul 27, 2018

private_address_check contains race condition
High | CVE-2018-3759 was published for private_address_check (RubyGems) on Jul 31, 2018

Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request
High | CVE-2017-11173 was published for rack-cors (RubyGems) on Jul 31, 2018

Nokogiri implementation of libxslt lacks integer overflow checks
High | CVE-2017-5029 was published for nokogiri (RubyGems) on Jul 31, 2018

High severity vulnerability that affects rubyzip
High | GHSA-3q5q-f79q-7hr2 was published for rubyzip (RubyGems) on Jul 31, 2018 | withdrawn
ProTip! Advisories are also available from the GraphQL API.