Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,922 advisories

Loading
Jinjava calls getClass Moderate
CVE-2018-18893 was published for com.hubspot.jinjava:jinjava (Maven) Jan 4, 2019
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons Moderate
CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser Moderate
CVE-2018-17197 was published for org.apache.tika:tika-parsers (Maven) Dec 26, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-15713 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 Moderate
CVE-2018-1000873 was published for com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (Maven) Dec 21, 2018
PyKMIP Denial of service vulnerability Moderate
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Cross Site Scripting (XSS) vulnerability in easymon Moderate
CVE-2018-1000855 was published for easymon (RubyGems) Dec 21, 2018
Cross site scripting in org.apache.nifi:nifi Moderate
CVE-2018-17193 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Improper Restriction of Rendered UI Layers or Frames in Apache nifif Moderate
CVE-2018-17192 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Fat Free CRM vulnerable to Cross-site Scripting Moderate
CVE-2018-1000842 was published for fat_free_crm (RubyGems) Dec 20, 2018
aiohttp-session creates non-expiring sessions Moderate
CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core Moderate
CVE-2018-11799 was published for org.apache.oozie:oozie-core (Maven) Dec 20, 2018
Flask-Admin Cross-site Scripting vulnerability Moderate
CVE-2018-16516 was published for flask-admin (pip) Dec 19, 2018
born2discover
Path Traversal in simplehttpserver Moderate
CVE-2018-16478 was published for simplehttpserver (npm) Dec 6, 2018
Exposure of Sensitive Information to an Unauthorized Actor in activestorage Moderate
CVE-2018-16477 was published for activestorage (RubyGems) Dec 5, 2018
Session Fixation in Tryton Moderate
CVE-2018-19443 was published for tryton (pip) Nov 29, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
SimpleMDE XSS Vulnerability Moderate
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
Ckeditor XSS Vulnerability Moderate
CVE-2018-17960 was published for ckeditor (Composer) Nov 21, 2018
Valine HTML Injection Moderate
CVE-2018-19289 was published for valine (npm) Nov 21, 2018
Jupyter Notebook XSS via directory name Moderate
CVE-2018-19352 was published for notebook (pip) Nov 21, 2018
Jupyter Notebook XSS via untrusted notebooks Moderate
CVE-2018-19351 was published for notebook (pip) Nov 21, 2018
Rack vulnerable to Cross-site Scripting Moderate
CVE-2018-16471 was published for rack (RubyGems) Nov 15, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database