Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

125,483 advisories

Loading
Downloads Resources over HTTP in selenium-portal High
CVE-2016-10667 was published for selenium-portal (npm) Feb 18, 2019
Downloads Resources over HTTP in google-closure-tools-latest High
CVE-2016-10677 was published for google-closure-tools-latest (npm) Feb 18, 2019
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Downloads Resources over HTTP in mystem3 High
CVE-2016-10626 was published for mystem3 (npm) Feb 18, 2019
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
ASP.NET Core allow an elevation of privilege High
CVE-2018-0787 was published for Microsoft.AspNetCore.HttpOverrides (NuGet) Oct 16, 2018
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Downloads Resources over HTTP in scala-bin High
CVE-2016-10627 was published for scala-bin (npm) Feb 18, 2019
Path Traversal in total.js High
CVE-2019-8903 was published for total.js (npm) Feb 20, 2019
Downloads Resources over HTTP in ntfserver High
CVE-2016-10650 was published for ntfserver (npm) Feb 18, 2019
High severity vulnerability that affects org.apache.pdfbox:pdfbox High
CVE-2016-2175 was published for org.apache.pdfbox:pdfbox (Maven) Oct 17, 2018
High severity vulnerability that affects org.dspace:dspace-xmlui High
CVE-2016-10726 was published for org.dspace:dspace-xmlui (Maven) Oct 19, 2018
Downloads Resources over HTTP in massif High
CVE-2016-10682 was published for massif (npm) Feb 18, 2019
SQL injection vulnerability in the policy admin tool in Apache Ranger High
CVE-2016-2174 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Path Traversal in http-live-simulator High
CVE-2019-5423 was published for http-live-simulator (npm) Apr 8, 2019
Downloads Resources over HTTP in haxe3 High
CVE-2016-10688 was published for haxe3 (npm) Aug 17, 2018
Downloads Resources over HTTP in webdriver-launcher High
CVE-2016-10651 was published for webdriver-launcher (npm) Feb 18, 2019
Potential SQL Injection in sequelize High
CVE-2016-10553 was published for sequelize (npm) Feb 18, 2019
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents High
CVE-2018-0765 was published for System.Security.Cryptography.Xml (NuGet) Oct 16, 2018
Authentication Weakness in keystone High
CVE-2015-9240 was published for keystone (npm) Jun 7, 2018
High severity vulnerability that affects rubyzip High
GHSA-3q5q-f79q-7hr2 was published for rubyzip (RubyGems) Jul 31, 2018 withdrawn
Downloads Resources over HTTP in windows-seleniumjar-mirror High
CVE-2016-10670 was published for windows-seleniumjar-mirror (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database