GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,693 advisories
Filter by severity
Marked vulnerable to XSS from data URIs
Moderate
CVE-2017-1000427
was published
for
marked
(npm)
Jan 4, 2018
Moderate severity vulnerability that affects marked
Moderate
CVE-2017-17461
was published
for
marked
(npm)
Jan 4, 2018
•
withdrawn
private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate
CVE-2017-0904
was published
for
private_address_check
(RubyGems)
Nov 29, 2017
Geminabox contains Cross-site Scripting
Moderate
CVE-2017-16792
was published
for
geminabox
(RubyGems)
Nov 29, 2017
Gemirro Stored XSS in Gemspec "homepage" value
Moderate
CVE-2017-16833
was published
for
gemirro
(RubyGems)
Nov 29, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15881
was published
for
keystone
(npm)
Nov 16, 2017
cairo is vulnerable to denial of service due to a null pointer dereference
Moderate
CVE-2017-7475
was published
for
cairo
(RubyGems)
Nov 15, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2011-2932
was published
for
activesupport
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2011-2931
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site Scripting in actionpack
Moderate
CVE-2012-1099
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Action Pack contains database-query restrictions bypass
Moderate
CVE-2012-2660
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
Moderate
CVE-2012-2694
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-2929
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Authentication vulnerability
Moderate
CVE-2012-3424
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-1098
was published
for
activesupport
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
Mail Gem Path Traversal vulnerability
Moderate
CVE-2012-2139
was published
for
mail
(RubyGems)
Oct 24, 2017
gtk2 vulnerable to Use of Externally-Controlled Format String
Moderate
CVE-2007-6183
was published
for
gtk2
(RubyGems)
Oct 24, 2017
Mail Improper Input Validation vulnerability
Moderate
CVE-2011-0739
was published
for
mail
(RubyGems)
Oct 24, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API