GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories: All reviewed (5,000+); Composer (3,989); Erlang (29); GitHub Actions (16); Go (1,779); Maven (5,000+); npm (3,544); NuGet (619); pip (3,133); Pub (10); RubyGems (838); Rust (793); Swift (34)
Unreviewed advisories: All unreviewed (5,000+)
8,708 advisories
Use of insecure jQuery version in OctoberCMS | Moderate | GHSA-v73w-r9xg-7cr9 was published for october/october (Composer), Jun 5, 2020
Information disclosure in JBoss Weld | Moderate | CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven), Jun 10, 2020
Cross-Site Scripting (XSS) in Verdaccio | Moderate | CVE-2019-14772 was published for verdaccio (npm), May 29, 2019
Introspection in schema validation in Apollo Server | Moderate | GHSA-w42g-7vfc-xf37 was published for apollo-server (npm), Jun 5, 2020
Cross-Site Scripting in sanitize-html | Moderate | CVE-2016-1000237 was published for sanitize-html (npm), Apr 16, 2020
SQL injection in Tortoise ORM | Moderate | CVE-2020-11010 was published for tortoise-orm (pip), Apr 20, 2020
Path Traversal in statics-server | Moderate | CVE-2019-15596 was published for statics-server (npm), Mar 31, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs | Moderate | CVE-2020-5262 was published for easybuild-framework (pip), Mar 19, 2020
Moderate severity vulnerability that affects actionpack | Moderate | GHSA-23v3-qfrj-wmgh was published for actionpack (RubyGems), Sep 17, 2018 (withdrawn)
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended | Moderate | GHSA-qh62-ch95-63wh was published for python-gnupg (pip), Mar 13, 2020 (withdrawn)
Cross-site scripting in PHPMailer | Moderate | CVE-2017-11503 was published for phpmailer/phpmailer (Composer), Mar 5, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar | Moderate | CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer), Jun 3, 2020
DoS via malicious record IDs in WatermelonDB | Moderate | CVE-2020-4035 was published for @nozbe/watermelondb (npm), Jun 3, 2020
Cross-Site Scripting in BookStack | Moderate | CVE-2020-11055 was published for ssddanbrown/bookstack (Composer), May 7, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library | Moderate | CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet), Apr 14, 2020
Persistent Cross-Site scripting in Nexus Repository Manager | Moderate | CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven), Apr 14, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode | Moderate | CVE-2019-10785 was published for dojox (npm), Feb 13, 2020
Incorrect Default Permissions in keyring | Moderate | CVE-2012-5578 was published for keyring (pip), Mar 10, 2020
Path traversal in Jooby | Moderate | CVE-2020-7647 was published for io.jooby:jooby (Maven), May 13, 2020
Potential Observable Timing Discrepancy in Wagtail | Moderate | CVE-2020-11037 was published for wagtail (pip), May 7, 2020
ProTip! Advisories are also available from the GraphQL API.