Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

125,483 advisories

Loading
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0592 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Downloads Resources over HTTP in tomita High
CVE-2016-10662 was published for tomita (npm) Feb 18, 2019
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Downloads Resources over HTTP in fis-parser-sass-bin High
CVE-2016-10660 was published for fis-parser-sass-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in sfml High
CVE-2016-10654 was published for sfml (npm) Feb 18, 2019
Downloads Resources over HTTP in co-cli-installer High
CVE-2016-10657 was published for co-cli-installer (npm) Feb 18, 2019
High severity vulnerability that affects indico High
GHSA-67cx-rhhq-mfhq was published for indico (pip) Oct 11, 2019
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Symlink Arbitrary File Overwrite in tar High
CVE-2015-8860 was published for tar (npm) Oct 24, 2017
Downloads Resources over HTTP in air-sdk High
CVE-2016-10603 was published for air-sdk (npm) Feb 18, 2019
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
Downloads Resources over HTTP in kindlegen High
CVE-2016-10575 was published for kindlegen (npm) Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver High
CVE-2016-10586 was published for macaca-chromedriver (npm) Feb 18, 2019
Downloads Resources over HTTP in nw High
CVE-2016-10588 was published for nw (npm) Feb 18, 2019
Downloads Resources over HTTP in healthcenter High
CVE-2016-10684 was published for healthcenter (npm) Feb 18, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0611 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Downloads Resources over HTTP in libxl High
CVE-2016-10585 was published for libxl (npm) Feb 18, 2019
Downloads Resources over HTTP in unicode-json High
CVE-2016-10610 was published for unicode-json (npm) Feb 18, 2019
Downloads Resources over HTTP in mystem-fix High
CVE-2016-10698 was published for mystem-fix (npm) Jul 27, 2018
Downloads Resources over HTTP in iedriver High
CVE-2016-10562 was published for iedriver (npm) Feb 18, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0769 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Downloads Resources over HTTP in node-thulac High
CVE-2016-10640 was published for node-thulac (npm) Feb 18, 2019
High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 High
CVE-2018-16131 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
High severity vulnerability that affects festivaltts4r High
GHSA-9wv8-jgw4-4g28 was published for festivaltts4r (RubyGems) Aug 15, 2018 withdrawn
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen Credited to NikoRaisanen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database