Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

125,483 advisories

Loading
DoS due to excessively large websocket message in ws High
CVE-2016-10542 was published for ws (npm) Feb 18, 2019
Downloads Resources over HTTP in fibjs High
CVE-2016-10621 was published for fibjs (npm) Feb 18, 2019
Downloads Resources over HTTP in tomita-parser High
CVE-2016-10666 was published for tomita-parser (npm) Feb 18, 2019
Downloads Resources over HTTP in baryton-saxophone High
CVE-2016-10573 was published for baryton-saxophone (npm) Feb 18, 2019
In blynk-server a Directory Traversal exists High
CVE-2018-17785 was published for com.github.blynkkk:blynk-server (Maven) Oct 17, 2018
Downloads Resources over HTTP in httpsync High
CVE-2016-10614 was published for httpsync (npm) Feb 18, 2019
Default Express middleware security check is ignored in production High
GHSA-4j6x-w426-6rc6 was published for @cubejs-backend/api-gateway (npm) Nov 8, 2019
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL Credited to RDIL
Downloads Resources over HTTP in bionode-sra High
CVE-2016-10613 was published for bionode-sra (npm) Feb 18, 2019
Downloads Resources over HTTP in webrtc-native High
CVE-2016-10600 was published for webrtc-native (npm) Feb 18, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0639 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Authentication Bypass in passport-azure-ad High
CVE-2016-7191 was published for passport-azure-ad (npm) Jul 26, 2018
Path Traversal in http-live-simulator High
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua High
CVE-2018-12086 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
Downloads Resources over HTTP in mongodb-instance High
CVE-2016-10572 was published for mongodb-instance (npm) Feb 18, 2019
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-7521 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Downloads Resources over HTTP in curses High
CVE-2016-10615 was published for curses (npm) Feb 18, 2019
Downloads Resources over HTTP in operadriver High
CVE-2016-10565 was published for operadriver (npm) Feb 18, 2019
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Downloads Resources over HTTP in box2d-native High
CVE-2016-10617 was published for box2d-native (npm) Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver-zxa High
CVE-2016-10623 was published for macaca-chromedriver-zxa (npm) Feb 18, 2019
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
High severity vulnerability that affects PeterO.Cbor High
GHSA-cxw4-9qv9-vx5h was published for PeterO.Cbor (NuGet) Sep 30, 2019
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database