GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem:

| Ecosystem | Reviewed advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 3,988 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,778 |
| Maven | 5,000+ |
| npm | 3,544 |
| NuGet | 619 |
| pip | 3,128 |
| Pub | 10 |
| RubyGems | 838 |
| Rust | 792 |
| Swift | 34 |

Unreviewed advisories (all unreviewed): 5,000+
2,960 advisories

| Advisory | Severity | Identifier | Package | Ecosystem | Published | Notes |
|---|---|---|---|---|---|---|
| Local file inclusion vulnerability in http4s | Critical | CVE-2020-5280 | org.http4s:http4s-server_2.12 | Maven | Mar 25, 2020 | |
| Deserialization of Untrusted Data in Apache Olingo | Critical | CVE-2019-17556 | org.apache.olingo:odata-client-proxy | Maven | Feb 4, 2020 | |
| Unrestricted upload of file with dangerous type in Apache Solr | Critical | CVE-2019-12409 | org.apache.solr:solr-core | Maven | Jan 28, 2020 | |
| SQL injection in phpMyAdmin | Critical | CVE-2019-18622 | phpmyadmin/phpmyadmin | Composer | Jan 16, 2020 | |
| Invalid HTTP method overrides allow possible XSS or other attacks in Symfony | Critical | CVE-2019-10913 | symfony/http-foundation | Composer | Dec 2, 2019 | |
| Identity Spoofing in libp2p-secio | Critical | GHSA-rch7-f4h5-x9rj | libp2p-secio | npm | Aug 23, 2019 | |
| Authentication Bypass For Endpoints With Anonymous Access in Opencast | Critical | CVE-2020-5206 | org.opencastproject:opencast-kernel | Maven | Jan 30, 2020 | |
| Remote code execution in verot/class.upload.php | Critical | CVE-2019-19576 | verot/class.upload.php | Composer | Jan 16, 2020 | |
| SQL Injection in usmanhalalit/pixie | Critical | CVE-2019-10766 | usmanhalalit/pixie | Composer | Nov 20, 2019 | |
| Backdoor / Malicious code | Critical | GHSA-q2hm-gx3f-h63q | lita-coin | RubyGems | Feb 23, 2021 | withdrawn |
| Failure to sanitize quotes which can lead to sql injection in squel | Critical | GHSA-4qhx-g9wp-g9m6 | squel | npm | Jun 14, 2019 | |
| Privilege Escalation in express-cart | Critical | GHSA-3fc5-9x9m-vqc4 | express-cart | npm | Jun 3, 2019 | |
| Sandbox Bypass Leading to Arbitrary Code Execution in constantinople | Critical | GHSA-4vmm-mhcq-4x9j | constantinople | npm | Jun 14, 2019 | |
| Generated code can read and write out of bounds in safe code | Critical | GHSA-3jch-9qgp-4844 | flatbuffers | Rust | Jun 16, 2022 | |
| ckb: Transaction header_deps validation issue (network forking) | Critical | GHSA-7fw6-6mfj-g3q2 | ckb | Rust | Nov 2, 2022 | |
| jackson-dataformat-xml vulnerable to XML external entity (XXE) | Critical | CVE-2016-3720 | com.fasterxml.jackson.dataformat:jackson-dataformat-xml | Maven | Oct 18, 2018 | |
| Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request | Critical | CVE-2016-4800 | org.eclipse.jetty:jetty-server | Maven | Oct 19, 2018 | |
| eZ Platform users with the Company admin role can assign any role to any user | Critical | GHSA-99r3-xmmq-7q7g | ezsystems/ezpublish-kernel | Composer | Nov 10, 2022 | |
| eZ Platform users with the Company admin role can assign any role to any user | Critical | GHSA-8h83-chh2-fchp | ezsystems/ezplatform-kernel | Composer | Nov 10, 2022 | |
| eZ Platform users with the Company admin role can assign any role to any user | Critical | GHSA-pcpm-vc4v-cmvx | ezsystems/ezplatform-admin-ui | Composer | Nov 10, 2022 | |
Advisories are also available from the GraphQL API.