GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,405 advisories
Filter by severity
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Downloads Resources over HTTP in mystem-fix
High
CVE-2016-10698
was published
for
mystem-fix
(npm)
Jul 27, 2018
High severity vulnerability that affects jquery-ui
High
GHSA-g8q2-24jh-5hpc
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 27, 2018
•
withdrawn
Path Traversal in superstatic
High
GHSA-wm77-q74p-5763
was published
for
superstatic
(npm)
Jul 27, 2018
windows-seleniumjar downloads Resources over HTTP
High
CVE-2016-10691
was published
for
windows-seleniumjar
(npm)
Jul 31, 2018
Downloads Resources over HTTP in haxeshim
High
CVE-2016-10692
was published
for
haxeshim
(npm)
Jul 31, 2018
Downloads Resources over HTTP in alto-saxophone
High
CVE-2016-10694
was published
for
alto-saxophone
(npm)
Jul 31, 2018
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
High
CVE-2016-10697
was published
for
react-native-baidu-voice-synthesizer
(npm)
Jul 31, 2018
Regular Expression Denial of Service in hawk
High
CVE-2016-2515
was published
for
hawk
(npm)
Jul 31, 2018
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
Regular Expression Denial of Service in sshpk
High
CVE-2018-3737
was published
for
sshpk
(npm)
Aug 15, 2018
marionette-socket-host downloads Resources over HTTP
High
CVE-2016-10648
was published
for
marionette-socket-host
(npm)
Aug 15, 2018
Downloads Resources over HTTP in resourcehacker
High
CVE-2016-10646
was published
for
resourcehacker
(npm)
Aug 15, 2018
grunt-images downloads Resources over HTTP
High
CVE-2016-10645
was published
for
grunt-images
(npm)
Aug 15, 2018
slimerjs-edge downloads Resources over HTTP
High
CVE-2016-10644
was published
for
slimerjs-edge
(npm)
Aug 15, 2018
Downloads Resources over HTTP in jstestdriver
High
CVE-2016-10643
was published
for
jstestdriver
(npm)
Aug 15, 2018
ProTip!
Advisories are also available from the
GraphQL API