GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,971
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,091
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,081 advisories
Cross Site Scripting in baserCMS
Low. CVE-2020-15154 was published for baserproject/basercms (Composer), Aug 28, 2020

Incorrect Permission Assignment for Critical Resource in Apache hive
Low. CVE-2018-1315 was published for org.apache.hive:hive (Maven), Nov 21, 2018

Prototype Pollution in merge-objects
Low. GHSA-992f-wf4w-x36v was published for merge-objects (npm), Sep 1, 2020

Silently Runs Cryptocoin Miner in hooka-tools
Low. GHSA-m36m-x4c5-rjxj was published for hooka-tools (npm), Sep 1, 2020

Path Traversal in openapi-python-client
Low. CVE-2020-15141 was published for openapi-python-client (pip), Aug 20, 2020

Context isolation bypass via Promise in Electron
Low. CVE-2020-15096 was published for electron (npm), Jul 7, 2020

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Low. CVE-2014-0228 was published for org.apache.hive:hive (Maven), Nov 21, 2018

Sensitive Data Exposure in loopback
Low. GHSA-724c-6vrf-99rq was published for loopback (npm), Sep 2, 2020

Cross-Site Scripting in express-cart
Low. GHSA-9pr3-7449-977r was published for express-cart (npm), Sep 2, 2020

XSS in Mapfish Print relating to JSONP support
Low. CVE-2020-15231 was published for org.mapfish.print:print-lib (Maven), Jul 7, 2020

Timing attack on django-basic-auth-ip-whitelist
Low. CVE-2020-4071 was published for django-basic-auth-ip-whitelist (pip), Jun 23, 2020

Cross-site Scripting in October
Low. CVE-2020-4061 was published for october/backend (Composer), Jul 2, 2020

SSL Validation Defaults to False in electron-packager
Low. CVE-2016-10534 was published for electron-packager (npm), Feb 18, 2019

Low severity vulnerability that affects eye.js
Low. GHSA-mgv2-57vj-99xc was published for eye.js (npm), Oct 7, 2019

Low severity vulnerability that affects Plone
Low. CVE-2011-1949 was published for Plone (pip), Jul 23, 2018

Low severity vulnerability that affects smartbanner.js
Low. GHSA-9mrq-cjgh-32g2 was published for smartbanner.js (npm), Sep 13, 2019

In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Low. CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven), Oct 17, 2018

`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Low. GHSA-xf83-q765-xm6m was published for tensorflow (pip), Nov 21, 2022

`CHECK` failure in `SobolSample` via missing validation
Low. GHSA-cqvq-fvhr-v6hc was published for tensorflow (pip), Nov 21, 2022

Low severity vulnerability that affects Gw2Sharp
Low. GHSA-4vr3-9v7h-5f8v was published for Gw2Sharp (NuGet), Jun 18, 2019

Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Low. CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven), Jan 25, 2019

ProTip! Advisories are also available from the GraphQL API.