Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,178
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

11,042 advisories

Loading
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
actionpack is vulnerable to remote bypass authentication Low
CVE-2015-7576 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges Low
CVE-2011-0995 was published for sqlite3-ruby (RubyGems) Oct 24, 2017
Puppet allows local users to overwrite arbitrary files via a symlink attack Low
CVE-2012-1989 was published for puppet (RubyGems) Oct 24, 2017
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
Low severity vulnerability that affects sensu Low
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 withdrawn
Regular Expression Denial of Service in debug Low
CVE-2017-16137 was published for debug (npm) Aug 9, 2018
G-Rath SamHutchins-Sage
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
Insecure use of temporary files in passenger Low
CVE-2014-1831 was published for passenger (RubyGems) Oct 10, 2018
Insecure use of temporary files in Phusion passenger Low
CVE-2014-1832 was published for passenger (RubyGems) Oct 10, 2018
In Bouncy Castle JCE Provider the other party DH public key is not fully validated Low
CVE-2016-1000346 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service Low
CVE-2014-0228 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive Low
CVE-2018-1284 was published for org.apache.hive:hive (Maven) Nov 21, 2018
MarkLee131
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml Low
CVE-2019-3772 was published for org.springframework.integration:spring-integration-ws (Maven) Jan 25, 2019
MarkLee131
Low severity vulnerability that affects org.springframework.batch:spring-batch-core Low
CVE-2019-3774 was published for org.springframework.batch:spring-batch-core (Maven) Jan 25, 2019
Regular Expression Denial of Service in jadedown Low
CVE-2016-10520 was published for jadedown (npm) Feb 18, 2019
Arbitrary File Write in cli Low
CVE-2016-10538 was published for cli (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database