Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,990
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,133
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,961 advisories

Loading
Sensitive Data Exposure in msrcrypto Critical
CVE-2018-8319 was published for msrcrypto (npm) Sep 10, 2018
Malicious Package in dossier Critical
GHSA-c8h6-89q2-mgv8 was published for dossier (npm) Sep 1, 2020
Authentication Bypass in console-io Critical
CVE-2016-10532 was published for console-io (npm) Feb 18, 2019
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-5682 was published for swagger-ui (npm) Sep 1, 2020
False-positive validity for NFT1 genesis transactions in SLPJS Critical
CVE-2020-15130 was published for slpjs (npm) Jul 30, 2020
XML External Entity (XXE) vulnerability in codelibs fess Critical
CVE-2018-1000822 was published for org.codelibs.fess:fess (Maven) Dec 20, 2018
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor Critical
CVE-2018-16115 was published for com.typesafe.akka:akka-actor_2.11 (Maven) Oct 22, 2018
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload Critical
CVE-2018-9206 was published for blueimp-file-upload (npm) Oct 22, 2018
Deserialization Code Execution in js-yaml Critical
CVE-2013-4660 was published for js-yaml (npm) Oct 24, 2017
Critical severity vulnerability that affects dns-sync Critical
GHSA-wxvm-fh75-mpgr was published for dns-sync (npm) Jul 26, 2018 withdrawn
Critical severity vulnerability that affects Haraka Critical
CVE-2016-1000282 was published for Haraka (npm) Feb 12, 2019
Critical severity vulnerability that affects org.apache.solr:solr-core Critical
CVE-2019-0192 was published for org.apache.solr:solr-core (Maven) Mar 14, 2019
The installation wizard in DotNetNuke (DNN) allows privilege escalation Critical
CVE-2015-2794 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Authentication Bypass in hapi-auth-jwt2 Critical
CVE-2016-10525 was published for hapi-auth-jwt2 (npm) Feb 18, 2019
Command Injection in macaddress Critical
CVE-2018-13797 was published for macaddress (npm) Sep 6, 2018
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Critical severity vulnerability that affects Auth0-WCF-Service-JWT Critical
CVE-2019-7644 was published for Auth0-WCF-Service-JWT (NuGet) Apr 18, 2019
Privilege Escalation due to Blind NoSQL Injection in flintcms Critical
CVE-2018-3783 was published for flintcms (npm) Aug 21, 2018
Command Injection in dns-sync Critical
CVE-2017-16100 was published for dns-sync (npm) Jul 18, 2018
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Critical severity vulnerability that affects generator-jhipster Critical
GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm) Sep 13, 2019 withdrawn
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API