GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,598 advisories

Path Traversal in openapi-python-client Low
CVE-2020-15141 was published for openapi-python-client (pip) Aug 20, 2020
pawamoy emann
Context isolation bypass via Promise in Electron Low
CVE-2020-15096 was published for electron (npm) Jul 7, 2020
MarshallOfSound
Silently Runs Cryptocoin Miner in hooka-tools Low
GHSA-m36m-x4c5-rjxj was published for hooka-tools (npm) Sep 1, 2020
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Prototype Pollution in merge-objects Low
GHSA-992f-wf4w-x36v was published for merge-objects (npm) Sep 1, 2020
Cross Site Scripting in baserCMS Low
CVE-2020-15154 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Cross Site Scripting and RCE in baserCMS Low
CVE-2020-15159 was published for baserproject/basercms (Composer) Aug 28, 2020
stypr
methodOverride Middleware Reflected Cross-Site Scripting in connect Low
CVE-2013-7370 was published for connect (npm) Aug 31, 2020
Local Privilege Escalation in npm Low
CVE-2013-4116 was published for npm (npm) Sep 1, 2020
Incorrect Calculation in bigint-money Low
GHSA-9r3m-mhfm-39cm was published for bigint-money (npm) Sep 11, 2020
Denial of Service in apostrophe Low
GHSA-pv6r-vchh-cxg9 was published for apostrophe (npm) Sep 3, 2020
Information Exposure in type-graphql Low
GHSA-xf64-2f9p-6pqq was published for type-graphql (npm) Sep 4, 2020
Arbitrary File Write in bin-links Low
GHSA-gqf6-75v8-vr26 was published for bin-links (npm) Sep 4, 2020
Reflected Cross-Site Scripting in redis-commander Low
GHSA-8c8c-4vfj-rrpc was published for redis-commander (npm) Sep 1, 2020
sseide
Prototype Pollution in @hapi/hoek Low
GHSA-22h7-7wwg-qmgg was published for @hapi/hoek (npm) Sep 4, 2020
Context isolation bypass in Electron Low
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend Low
GHSA-47qg-q58v-7vrp was published for amundsen-frontend (pip) Dec 2, 2020
dorianj
CHECK-fail in LSTM with zero-length input in TensorFlow Low
CVE-2020-26270 was published for tensorflow (pip) Dec 10, 2020
XXE in petl Low
GHSA-f5gc-p5m3-v347 was published for petl (pip) Dec 2, 2020
nvn1729
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings Low
CVE-2020-15155 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Out-of-bounds Read in njwt Low
GHSA-g3qw-9pgp-xpj4 was published for njwt (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API