GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
10,598 advisories
Filter by severity
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Context isolation bypass via Promise in Electron
Low
CVE-2020-15096
was published
for
electron
(npm)
Jul 7, 2020
Silently Runs Cryptocoin Miner in hooka-tools
Low
GHSA-m36m-x4c5-rjxj
was published
for
hooka-tools
(npm)
Sep 1, 2020
Incorrect Permission Assignment for Critical Resource in Apache hive
Low
CVE-2018-1315
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Prototype Pollution in merge-objects
Low
GHSA-992f-wf4w-x36v
was published
for
merge-objects
(npm)
Sep 1, 2020
Cross Site Scripting in baserCMS
Low
CVE-2020-15154
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
Cross Site Scripting and RCE in baserCMS
Low
CVE-2020-15159
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
methodOverride Middleware Reflected Cross-Site Scripting in connect
Low
CVE-2013-7370
was published
for
connect
(npm)
Aug 31, 2020
Incorrect Calculation in bigint-money
Low
GHSA-9r3m-mhfm-39cm
was published
for
bigint-money
(npm)
Sep 11, 2020
Denial of Service in apostrophe
Low
GHSA-pv6r-vchh-cxg9
was published
for
apostrophe
(npm)
Sep 3, 2020
Information Exposure in type-graphql
Low
GHSA-xf64-2f9p-6pqq
was published
for
type-graphql
(npm)
Sep 4, 2020
Arbitrary File Write in bin-links
Low
GHSA-gqf6-75v8-vr26
was published
for
bin-links
(npm)
Sep 4, 2020
Reflected Cross-Site Scripting in redis-commander
Low
GHSA-8c8c-4vfj-rrpc
was published
for
redis-commander
(npm)
Sep 1, 2020
Prototype Pollution in @hapi/hoek
Low
GHSA-22h7-7wwg-qmgg
was published
for
@hapi/hoek
(npm)
Sep 4, 2020
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Low
CVE-2020-15239
was published
for
xmpp-http-upload
(pip)
Oct 6, 2020
Persistent XSS in customer module in Shopware
Low
GHSA-6gv9-7q4g-pmvm
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Low
CVE-2020-15273
was published
for
baserproject/basercms
(Composer)
Nov 4, 2020
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Low
GHSA-47qg-q58v-7vrp
was published
for
amundsen-frontend
(pip)
Dec 2, 2020
CHECK-fail in LSTM with zero-length input in TensorFlow
Low
CVE-2020-26270
was published
for
tensorflow
(pip)
Dec 10, 2020
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Low
CVE-2020-15155
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
ProTip!
Advisories are also available from the
GraphQL API