GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,922 advisories
Filter by severity
Jinjava calls getClass
Moderate
CVE-2018-18893
was published
for
com.hubspot.jinjava:jinjava
(Maven)
Jan 4, 2019
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate
CVE-2018-20594
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
Moderate
CVE-2018-17197
was published
for
org.apache.tika:tika-parsers
(Maven)
Dec 26, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-3166
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
Moderate
CVE-2018-1000873
was published
for
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
(Maven)
Dec 21, 2018
PyKMIP Denial of service vulnerability
Moderate
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
Cross Site Scripting (XSS) vulnerability in easymon
Moderate
CVE-2018-1000855
was published
for
easymon
(RubyGems)
Dec 21, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Improper Restriction of Rendered UI Layers or Frames in Apache nifif
Moderate
CVE-2018-17192
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Fat Free CRM vulnerable to Cross-site Scripting
Moderate
CVE-2018-1000842
was published
for
fat_free_crm
(RubyGems)
Dec 20, 2018
aiohttp-session creates non-expiring sessions
Moderate
CVE-2018-1000814
was published
for
aiohttp-session
(pip)
Dec 20, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Flask-Admin Cross-site Scripting vulnerability
Moderate
CVE-2018-16516
was published
for
flask-admin
(pip)
Dec 19, 2018
Path Traversal in simplehttpserver
Moderate
CVE-2018-16478
was published
for
simplehttpserver
(npm)
Dec 6, 2018
Exposure of Sensitive Information to an Unauthorized Actor in activestorage
Moderate
CVE-2018-16477
was published
for
activestorage
(RubyGems)
Dec 5, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Ckeditor XSS Vulnerability
Moderate
CVE-2018-17960
was published
for
ckeditor
(Composer)
Nov 21, 2018
Jupyter Notebook XSS via directory name
Moderate
CVE-2018-19352
was published
for
notebook
(pip)
Nov 21, 2018
Jupyter Notebook XSS via untrusted notebooks
Moderate
CVE-2018-19351
was published
for
notebook
(pip)
Nov 21, 2018
Rack vulnerable to Cross-site Scripting
Moderate
CVE-2018-16471
was published
for
rack
(RubyGems)
Nov 15, 2018
ProTip!
Advisories are also available from the
GraphQL API