GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,922 advisories
Filter by severity
Cross-Site Scripting in html-janitor
Moderate
CVE-2017-0931
was published
for
html-janitor
(npm)
Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Cross-Site Scripting in sanitize-html
Moderate
CVE-2017-16016
was published
for
sanitize-html
(npm)
Nov 9, 2018
Cross-Site Scripting in morris.js
Moderate
CVE-2017-16022
was published
for
morris.js
(npm)
Nov 9, 2018
Cross-Site Scripting in sanitize-html
Moderate
CVE-2017-16017
was published
for
sanitize-html
(npm)
Nov 9, 2018
Cross-Site Scripting (XSS) in restify
Moderate
CVE-2017-16018
was published
for
restify
(npm)
Nov 9, 2018
Tmp files readable by other users in sync-exec
Moderate
CVE-2017-16024
was published
for
sync-exec
(npm)
Nov 9, 2018
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Moderate
CVE-2017-7678
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate
CVE-2018-11770
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Pandao editor.md vulnerable to DOM XSS
Moderate
CVE-2018-19056
was published
for
editor.md
(npm)
Nov 9, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Control of Interaction Frequency in Apache syncope-core
Moderate
CVE-2018-17184
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Cross-Site Scripting in nunjucks
Moderate
CVE-2016-10547
was published
for
nunjucks
(npm)
Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator
Moderate
CVE-2014-9772
was published
for
validator
(npm)
Nov 6, 2018
python-gnupg vulnerable to shell injection
Moderate
CVE-2014-1929
was published
for
python-gnupg
(pip)
Nov 6, 2018
Stored Cross-Site Scripting in tianma-static
Moderate
CVE-2018-16474
was published
for
tianma-static
(npm)
Nov 6, 2018
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
ProTip!
Advisories are also available from the
GraphQL API