Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607 Credited to tdunlap607
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data High
CVE-2018-1000656 was published for flask (pip) Aug 23, 2018
tdunlap607 Credited to tdunlap607
redcarpet Buffer Overflow vulnerability High
CVE-2015-5147 was published for redcarpet (RubyGems) Aug 15, 2018
tdunlap607 Credited to tdunlap607
Regular Expression Denial of Service in charset High
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607 Credited to tdunlap607
Regular Expression Denial of Service in tough-cookie High
CVE-2017-15010 was published for tough-cookie (npm) Jul 24, 2018
tdunlap607 Credited to tdunlap607
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input High
CVE-2017-16138 was published for mime (npm) Jul 20, 2018
rsalvo77 Credited to rsalvo77 and tdunlap607 tdunlap607 tdunlap607
Denial of Service in ecstatic High
CVE-2015-9242 was published for ecstatic (npm) Jun 7, 2018
tdunlap607 Credited to tdunlap607
Regular Expression Denial of Service in moment High
CVE-2017-18214 was published for moment (npm) Mar 5, 2018
tdunlap607 Credited to tdunlap607
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607 Credited to tdunlap607
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
tdunlap607 Credited to tdunlap607
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607 Credited to tdunlap607
nori contains Improper Input Validation High
CVE-2013-0285 was published for nori (RubyGems) Oct 24, 2017
tdunlap607 Credited to tdunlap607
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database