GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,037
Erlang: 29
GitHub Actions: 18
Go: 1,858
Maven: 5,000+
npm: 3,587
NuGet: 636
pip: 3,170
Pub: 10
RubyGems: 851
Rust: 804
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
8,823 advisories
Moderate severity vulnerability that affects actionpack
Moderate • GHSA-544j-77x9-h938 was published for actionpack (RubyGems) on Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate • CVE-2017-15713 was published for org.apache.hadoop:hadoop-main (Maven) on Dec 21, 2018

Information Exposure on Case Insensitive File Systems in serve
Moderate • CVE-2018-3809 was published for serve (npm) on Jul 18, 2018

Regular Expression Denial of Service in ssri
Moderate • CVE-2018-7651 was published for ssri (npm) on Mar 7, 2018

Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
Moderate • CVE-2018-10936 was published for org.postgresql:pgjdbc-aggregate (Maven) on Oct 19, 2018

Downloads Resources over HTTP in jser-stat
Moderate • CVE-2016-10592 was published for jser-stat (npm) on Feb 18, 2019

Moderate severity vulnerability that affects validator
Moderate • CVE-2013-7453 was published for validator (npm) on Oct 24, 2017

Moderate severity vulnerability that affects feedparser
Moderate • CVE-2011-1158 was published for feedparser (pip) on Jul 23, 2018

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate • CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) on Oct 17, 2018

Moderate severity vulnerability that affects Plone and Zope2
Moderate • CVE-2012-6661 was published for Plone (pip) on Jul 23, 2018

Moderate severity vulnerability that affects moin
Moderate • CVE-2017-5934 was published for moin (pip) on Jan 4, 2019

Moderate severity vulnerability that affects org.apache.juddi:juddi-client
Moderate • CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) on Oct 16, 2018

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Moderate • GHSA-3m2r-q8x3-xmf7 was published for Microsoft.AspNetCore.All (NuGet) on Oct 16, 2018

Moderate severity vulnerability that affects mustache
Moderate • GHSA-3233-rgx3-c2wh was published for mustache (npm) on Oct 9, 2018 • withdrawn

Moderate severity vulnerability that affects Plone and plone.app.users
Moderate • CVE-2011-1950 was published for Plone (pip) on Jul 23, 2018

Moderate severity vulnerability that affects activesupport
Moderate • GHSA-35c4-f3rq-f9g3 was published for activesupport (RubyGems) on Sep 17, 2018 • withdrawn

Cross-Site Scripting in editor.md
Moderate • CVE-2019-9737 was published for editor.md (npm) on Mar 14, 2019

Cross Site Scripting (XSS) in plotly.js
Moderate • CVE-2017-1000006 was published for plotly.js (npm) on Oct 24, 2017

Moderate severity vulnerability that affects activerecord
Moderate • GHSA-7phj-gmgx-2r66 was published for activerecord (RubyGems) on Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate • CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) on Oct 18, 2018

Moderate severity vulnerability that affects rails-html-sanitizer
Moderate • GHSA-77pc-q5q7-qg9h was published for rails-html-sanitizer (RubyGems) on Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate • CVE-2018-9159 was published for com.sparkjava:spark-core (Maven) on Oct 19, 2018

Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate • CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) on Oct 19, 2018

Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate • CVE-2017-11429 was published for saml2-js (npm) on Jul 5, 2019
ProTip! Advisories are also available from the GraphQL API.