Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,410 advisories

Loading
ikst Downloads Resources over HTTP High
CVE-2017-16041 was published for ikst (npm) Jul 24, 2018
AsyncSSH SSH Server Authentication Bypass Critical
CVE-2018-7749 was published for AsyncSSH (pip) May 14, 2022
Multiple evaluation of contract address in call in vyper High
CVE-2022-29255 was published for vyper (pip) Jun 6, 2022
Command Injection in Nuitka High
CVE-2022-2054 was published for Nuitka (pip) Jun 13, 2022
Remote code execution in PHPMailer Critical
CVE-2016-10045 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation High
CVE-2023-28433 was published for github.com/minio/minio (Go) Sep 6, 2023
donatello harshavardhana
RicterZ
HashiCorp Consul vulnerable to authorization bypass Moderate
CVE-2022-40716 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
tdunlap607
Unsafe plugins can be installed via pack import by tenant admins High
GHSA-wxf3-4fvj-vqqx was published for @saltcorn/cli (npm) Jul 27, 2023
pyhedgehog
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
sqlite.js is malware Moderate
CVE-2017-16050 was published for sqlite.js (npm) Jul 23, 2018
dalek-browser-chrome Downloads Resources over HTTP High
CVE-2016-10604 was published for dalek-browser-chrome (npm) Feb 18, 2019
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
Directory Traversal in tinyserver2 High
CVE-2017-16085 was published for tinyserver2 (npm) Jul 24, 2018
hubl-server downloads resources over HTTP High
CVE-2017-16035 was published for hubl-server (npm) Jul 24, 2018
rendertron LFI vulnerability High
CVE-2017-18354 was published for rendertron (npm) Jan 4, 2019
rendertron XSS vulnerability Moderate
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
ReDoS via long UserAgent header in useragent High
CVE-2017-16030 was published for useragent (npm) Jul 24, 2018
lodahs is malware High
CVE-2019-19771 was published for lodahs (npm) Dec 16, 2019
ProTip! Advisories are also available from the GraphQL API