Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

93,336 advisories

Prototype Pollution in @apollo/gateway High
GHSA-74cr-77xc-8g6r was published for @apollo/gateway (npm) Jun 13, 2019
Directory Traversal in lactate High
GHSA-68gr-cmcp-g3mj was published for lactate (npm) Jun 14, 2019
Cross-Site Scripting (XSS) in cloudcmd High
GHSA-m8fw-534v-xm85 was published for cloudcmd (npm) Jun 4, 2019
Denial of Service in https-proxy-agent High
GHSA-qrg3-f6h6-vq8q was published for https-proxy-agent (npm) Aug 19, 2020 withdrawn
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Denial of Service High
GHSA-j95h-wmx9-4279 was published for sails (npm) Feb 25, 2021 withdrawn
Cross-Site Scripting in ids-enterprise High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) Jun 13, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Possible remote code execution via a remote procedure call High
GHSA-9ggp-4jpr-7ppj was published for rpyc (pip) Nov 20, 2019 withdrawn
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Local Privilege Escalation in PyInstaller High
CVE-2019-16784 was published for PyInstaller (pip) Jan 16, 2020
faridtsl lnv42
htgoebel
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Segmentation faultin TensorFlow when converting a Python string to `tf.float16` High
CVE-2020-5215 was published for tensorflow (pip) Jan 28, 2020
Path Traversal in algo-httpserv High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) Sep 11, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841 High
GHSA-wqq8-mqj9-697f was published for prestashop/autoupgrade (Composer) Jan 8, 2020
Feedgen Vulnerable to XML Denial of Service Attacks High
CVE-2020-5227 was published for feedgen (pip) Jan 28, 2020
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
Uncontrolled resource consumption in validators Python package High
CVE-2019-19588 was published for validators (pip) Jan 21, 2020
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
ProTip! Advisories are also available from the GraphQL API