Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,998
Erlang
29
GitHub Actions
16
Go
1,784
Maven
5,000+
npm
3,546
NuGet
620
pip
3,139
Pub
10
RubyGems
839
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

9,548 advisories

Loading
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Downloads Resources over HTTP in redis-srvr High
CVE-2016-10639 was published for redis-srvr (npm) Feb 18, 2019
Denial of service in Netty Moderate
CVE-2014-3488 was published for io.netty:netty-handler (Maven) Jun 30, 2020
Downloads Resources over HTTP in openframe-glslviewer High
CVE-2016-10607 was published for openframe-glslviewer (npm) Feb 18, 2019
Downloads Resources over HTTP in atom-node-module-installer High
CVE-2016-10620 was published for atom-node-module-installer (npm) Feb 18, 2019
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
High severity vulnerability that affects python-gnupg High
CVE-2013-7323 was published for python-gnupg (pip) Nov 6, 2018
Moderate severity vulnerability that affects actionpack Moderate
GHSA-5xmj-wm96-fmw8 was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
Moderate severity vulnerability that affects org.restlet.jse:org.restlet Moderate
CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Downloads Resources over HTTP in selenium-portal High
CVE-2016-10667 was published for selenium-portal (npm) Feb 18, 2019
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
Moderate severity vulnerability that affects actionpack Moderate
GHSA-23v3-qfrj-wmgh was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Keycloak vulnerable to uncontrolled resource consumption High
CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
ProTip! Advisories are also available from the GraphQL API