GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,932 advisories
Filter by severity
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
rest-client Gem Vulnerable to Session Fixation
Critical
CVE-2015-1820
was published
for
rest-client
(RubyGems)
Aug 13, 2018
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
restforce vulnerable to Improper Input Validation
Critical
CVE-2018-3777
was published
for
restforce
(RubyGems)
Aug 3, 2018
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Pillow Integer overflow in ImagingResampleHorizontal
Critical
CVE-2016-4009
was published
for
Pillow
(pip)
Jul 24, 2018
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
Unsafe deserialization in confire
Critical
CVE-2017-16763
was published
for
confire
(pip)
Jul 18, 2018
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
Code Execution through IIFE in node-serialize
Critical
CVE-2017-5941
was published
for
node-serialize
(npm)
Jul 18, 2018
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Loaded Databook of Tablib prone to python insertion resulting in command execution
Critical
CVE-2017-2810
was published
for
tablib
(pip)
Jul 13, 2018
Diffoscope may write to arbitrary locations due to an untrusted archive
Critical
CVE-2017-0359
was published
for
diffoscope
(pip)
Jul 13, 2018
Unsafe deserialization in owlmixin
Critical
CVE-2017-16618
was published
for
owlmixin
(pip)
Jul 13, 2018
Unsafe deserialization in MLAlchemy
Critical
CVE-2017-16615
was published
for
MLAlchemy
(pip)
Jul 13, 2018
django_make_app is vulnerable to Code Injection
Critical
CVE-2017-16764
was published
for
django_make_app
(pip)
Jul 13, 2018
ProTip!
Advisories are also available from the
GraphQL API