GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,990
Erlang: 29
GitHub Actions: 16
Go: 1,779
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,133
Pub: 10
RubyGems: 838
Rust: 793
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
2,961 advisories
Sensitive Data Exposure in msrcrypto
Critical; CVE-2018-8319 was published for msrcrypto (npm), Sep 10, 2018

Malicious Package in dossier
Critical; GHSA-c8h6-89q2-mgv8 was published for dossier (npm), Sep 1, 2020

Authentication Bypass in console-io
Critical; CVE-2016-10532 was published for console-io (npm), Feb 18, 2019

Potential Command Injection in hubot-scripts
Critical; CVE-2013-7378 was published for hubot-scripts (npm), Aug 31, 2020

Cross-Site Scripting in swagger-ui
Critical; CVE-2016-5682 was published for swagger-ui (npm), Sep 1, 2020

False-positive validity for NFT1 genesis transactions in SLPJS
Critical; CVE-2020-15130 was published for slpjs (npm), Jul 30, 2020

XML External Entity (XXE) vulnerability in codelibs fess
Critical; CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven), Dec 20, 2018

Use of Insufficiently Random Values in penggle:kaptcha
Critical; CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven), Oct 23, 2018

Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical; CVE-2018-16115 was published for com.typesafe.akka:akka-actor_2.11 (Maven), Oct 22, 2018

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical; CVE-2018-9206 was published for blueimp-file-upload (npm), Oct 22, 2018

Deserialization Code Execution in js-yaml
Critical; CVE-2013-4660 was published for js-yaml (npm), Oct 24, 2017

Critical severity vulnerability that affects dns-sync
Critical; GHSA-wxvm-fh75-mpgr was published for dns-sync (npm), Jul 26, 2018 (withdrawn)

Critical severity vulnerability that affects Haraka
Critical; CVE-2016-1000282 was published for Haraka (npm), Feb 12, 2019

Critical severity vulnerability that affects org.apache.solr:solr-core
Critical; CVE-2019-0192 was published for org.apache.solr:solr-core (Maven), Mar 14, 2019

The installation wizard in DotNetNuke (DNN) allows privilege escalation
Critical; CVE-2015-2794 was published for DotNetNuke.Core (NuGet), Oct 16, 2018

Authentication Bypass in hapi-auth-jwt2
Critical; CVE-2016-10525 was published for hapi-auth-jwt2 (npm), Feb 18, 2019

Command Injection in macaddress
Critical; CVE-2018-13797 was published for macaddress (npm), Sep 6, 2018

Critical severity vulnerability that affects recurly-api-client
Critical; CVE-2017-0907 was published for recurly-api-client (NuGet), Oct 16, 2018

Prototype Pollution in merge-options
Critical; CVE-2018-3752 was published for merge-options (npm), Oct 9, 2018

Denial of Service in https-proxy-agent
Critical; CVE-2018-3739 was published for https-proxy-agent (npm), Jul 27, 2018

Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Critical; CVE-2019-7644 was published for Auth0-WCF-Service-JWT (NuGet), Apr 18, 2019

Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical; CVE-2018-3783 was published for flintcms (npm), Aug 21, 2018

Django-Anymail prone to a timing attack
Critical; CVE-2018-6596 was published for django-anymail (pip), Jul 12, 2018

Critical severity vulnerability that affects generator-jhipster
Critical; GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm), Sep 13, 2019 (withdrawn)
ProTip! Advisories are also available from the GraphQL API.