Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

125,484 advisories

Loading
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer High
CVE-2016-10697 was published for react-native-baidu-voice-synthesizer (npm) Jul 31, 2018
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore High
CVE-2016-4216 was published for com.adobe.xmp:xmpcore (Maven) Oct 19, 2018
Downloads Resources over HTTP in dalek-browser-chrome-canary High
CVE-2016-10584 was published for dalek-browser-chrome-canary (npm) Feb 18, 2019
Downloads Resources over HTTP in strider-sauce High
CVE-2016-10611 was published for strider-sauce (npm) Feb 18, 2019
Downloads Resources over HTTP in qbs High
CVE-2016-10656 was published for qbs (npm) Feb 18, 2019
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core High
CVE-2019-1010260 was published for com.github.shyiko.ktlint:ktlint-core (Maven) Apr 8, 2019
Downloads Resources over HTTP in cobalt-cli High
CVE-2016-10597 was published for cobalt-cli (npm) Feb 18, 2019
Downloads Resources over HTTP in serc.js High
CVE-2016-10678 was published for serc.js (npm) Feb 18, 2019
Downloads Resources over HTTP in go-ipfs-dep High
CVE-2016-10563 was published for go-ipfs-dep (npm) Feb 18, 2019
Downloads Resources over HTTP in pk-app-wonderbox High
CVE-2016-10685 was published for pk-app-wonderbox (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer High
CVE-2016-10607 was published for openframe-glslviewer (npm) Feb 18, 2019
Path Traversal in superstatic High
GHSA-wm77-q74p-5763 was published for superstatic (npm) Jul 27, 2018
Downloads Resources over HTTP in nodewebkit High
CVE-2016-10580 was published for nodewebkit (npm) Feb 18, 2019
Downloads Resources over HTTP in product-monitor High
CVE-2016-10567 was published for product-monitor (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-image High
CVE-2016-10616 was published for openframe-image (npm) Feb 18, 2019
Command injection in mversion High
CVE-2020-4059 was published for mversion (npm) Jun 18, 2020
Downloads Resources over HTTP in soci High
CVE-2016-10669 was published for soci (npm) Feb 18, 2019
Downloads Resources over HTTP in redis-srvr High
CVE-2016-10639 was published for redis-srvr (npm) Feb 18, 2019
High severity vulnerability that affects org.apache.hbase:hbase High
CVE-2015-1836 was published for org.apache.hbase:hbase (Maven) Oct 18, 2018
ReDoS via long UserAgent header in ua-parser High
CVE-2017-16086 was published for ua-parser (npm) Jul 24, 2018
Command Injection in fs-path High
GHSA-gc94-6w89-hpqr was published for fs-path (npm) Jun 12, 2019
Mooninaut Credited to Mooninaut
Downloads Resources over HTTP in jvminstall High
CVE-2016-10631 was published for jvminstall (npm) Feb 18, 2019
Downloads Resources over HTTP in unicode High
CVE-2016-10578 was published for unicode (npm) Feb 18, 2019
Downloads Resources over HTTP in jstestdriver High
CVE-2016-10643 was published for jstestdriver (npm) Aug 15, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database