GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,933 advisories
Filter by severity
The installation wizard in DotNetNuke (DNN) allows privilege escalation
Critical
CVE-2015-2794
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
FasterXML jackson-databind allows unauthenticated remote code execution
Critical
CVE-2018-7489
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
Critical severity vulnerability that affects recurly-api-client
Critical
CVE-2017-0907
was published
for
recurly-api-client
(NuGet)
Oct 16, 2018
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Critical
CVE-2017-3159
was published
for
org.apache.camel:camel-snakeyaml
(Maven)
Oct 16, 2018
jackson-databind is vulnerable to a deserialization flaw
Critical
CVE-2017-7525
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 16, 2018
dojox vulnerable to unescaped string injection
Critical
CVE-2018-15494
was published
for
dojox
(npm)
Oct 15, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller
Critical
CVE-2016-8628
was published
for
ansible
(pip)
Oct 10, 2018
Prototype Pollution in deep-extend
Critical
CVE-2018-3750
was published
for
deep-extend
(npm)
Oct 9, 2018
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
Prototype Pollution in merge-options
Critical
CVE-2018-3752
was published
for
merge-options
(npm)
Oct 9, 2018
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature
Critical
CVE-2018-14643
was published
for
smart_proxy_dynflow
(RubyGems)
Oct 8, 2018
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Prototype Pollution in merge-recursive
Critical
CVE-2018-3751
was published
for
merge-recursive
(npm)
Sep 18, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
Insufficient Entropy in cryptiles
Critical
CVE-2018-1000620
was published
for
cryptiles
(npm)
Sep 11, 2018
Sensitive Data Exposure in msrcrypto
Critical
CVE-2018-8319
was published
for
msrcrypto
(npm)
Sep 10, 2018
Command Injection in macaddress
Critical
CVE-2018-13797
was published
for
macaddress
(npm)
Sep 6, 2018
Ansible fails to properly mark lookup-plugin results as unsafe
Critical
CVE-2017-7481
was published
for
ansible
(pip)
Sep 6, 2018
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
Critical
CVE-2018-1000544
was published
for
rubyzip
(RubyGems)
Sep 6, 2018
Nokogiri does not forbid namespace nodes in XPointer ranges
Critical
CVE-2016-4658
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical
CVE-2018-3783
was published
for
flintcms
(npm)
Aug 21, 2018
ProTip!
Advisories are also available from the
GraphQL API