Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,933 advisories

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. Critical
CVE-2018-15531 was published for net.bull.javamelody:javamelody-core (Maven) Oct 17, 2018
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
Sandbox Breakout in realms-shim Critical
GHSA-6jg8-7333-554w was published for realms-shim (npm) Oct 4, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Sandbox Breakout in realms-shim Critical
GHSA-7cg8-pq9v-x98q was published for realms-shim (npm) Oct 21, 2019
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Improper Input Validation in Symfony Critical
CVE-2019-11325 was published for symfony/symfony (Composer) Feb 12, 2020
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
SQL injection in Centreon Critical
CVE-2019-16194 was published for centreon/centreon (Composer) Feb 11, 2020
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
Local file inclusion vulnerability in http4s Critical
CVE-2020-5280 was published for org.http4s:http4s-server_2.12 (Maven) Mar 25, 2020
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
Deserialization of Untrusted Data in Apache Olingo Critical
CVE-2019-17556 was published for org.apache.olingo:odata-client-proxy (Maven) Feb 4, 2020
ProTip! Advisories are also available from the GraphQL API