GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,998
Erlang: 29
GitHub Actions: 16
Go: 1,784
Maven: 5,000+
npm: 3,546
NuGet: 620
pip: 3,139
Pub: 10
RubyGems: 839
Rust: 795
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
9,548 advisories
Potential Command Injection in codem-transcode
High • CVE-2013-7377 was published for codem-transcode (npm) • Nov 28, 2017

Moderate severity vulnerability that affects send
Moderate • GHSA-pgv6-jrvv-75jp was published for send (npm) • Oct 9, 2018 • withdrawn

Downloads Resources over HTTP in redis-srvr
High • CVE-2016-10639 was published for redis-srvr (npm) • Feb 18, 2019

Denial of service in Netty
Moderate • CVE-2014-3488 was published for io.netty:netty-handler (Maven) • Jun 30, 2020

Downloads Resources over HTTP in openframe-glslviewer
High • CVE-2016-10607 was published for openframe-glslviewer (npm) • Feb 18, 2019

Downloads Resources over HTTP in atom-node-module-installer
High • CVE-2016-10620 was published for atom-node-module-installer (npm) • Feb 18, 2019

Cross-Site Scripting in morris.js
Moderate • CVE-2017-16022 was published for morris.js (npm) • Nov 9, 2018

Downloads Resources over HTTP in node-bsdiff-android
High • CVE-2016-10641 was published for node-bsdiff-android (npm) • Sep 18, 2018

High severity vulnerability that affects python-gnupg
High • CVE-2013-7323 was published for python-gnupg (pip) • Nov 6, 2018

Moderate severity vulnerability that affects actionpack
Moderate • GHSA-5xmj-wm96-fmw8 was published for actionpack (RubyGems) • Sep 17, 2018 • withdrawn

Denial-of-Service Extended Event Loop Blocking in qs
High • CVE-2014-10064 was published for qs (npm) • Oct 9, 2018

High severity vulnerability that affects qs
High • GHSA-crvj-3gj9-gm2p was published for qs (npm) • Oct 9, 2018 • withdrawn

XSS Filter Bypass via Encoded URL in validator
Moderate • CVE-2014-9772 was published for validator (npm) • Nov 6, 2018

Potential Command Injection in printer
Critical • CVE-2014-3741 was published for printer (npm) • Nov 28, 2017

Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Moderate • CVE-2014-1868 was published for org.restlet.jse:org.restlet (Maven) • Oct 17, 2018

Potential for Script Injection in syntax-error
High • CVE-2014-7192 was published for syntax-error (npm) • Oct 24, 2017

Downloads Resources over HTTP in selenium-portal
High • CVE-2016-10667 was published for selenium-portal (npm) • Feb 18, 2019

Arbitrary JavaScript Execution in bassmaster
Critical • CVE-2014-7205 was published for bassmaster (npm) • Oct 24, 2017

Moderate severity vulnerability that affects python-gnupg
Moderate • CVE-2014-1928 was published for python-gnupg (pip) • Nov 6, 2018

Information disclosure in JBoss Weld
Moderate • CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) • Jun 10, 2020

Moderate severity vulnerability that affects actionpack
Moderate • GHSA-23v3-qfrj-wmgh was published for actionpack (RubyGems) • Sep 17, 2018 • withdrawn

Keycloak vulnerable to uncontrolled resource consumption
High • CVE-2014-3651 was published for org.keycloak:keycloak-core (Maven) • Oct 18, 2018

ProTip! Advisories are also available from the GraphQL API.