Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,922 advisories

Loading
Cross-Site Scripting in html-janitor Moderate
CVE-2017-0931 was published for html-janitor (npm) Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16016 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting in i18next Moderate
CVE-2017-16008 was published for i18next (npm) Nov 9, 2018
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Cross-Site Scripting in forms Moderate
CVE-2017-16015 was published for forms (npm) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16017 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting (XSS) in restify Moderate
CVE-2017-16018 was published for restify (npm) Nov 9, 2018
Tmp files readable by other users in sync-exec Moderate
CVE-2017-16024 was published for sync-exec (npm) Nov 9, 2018
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Moderate
CVE-2017-7678 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability Moderate
CVE-2018-11770 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Pandao editor.md vulnerable to DOM XSS Moderate
CVE-2018-19056 was published for editor.md (npm) Nov 9, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope Moderate
CVE-2018-1322 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
MarkLee131
Improper Control of Interaction Frequency in Apache syncope-core Moderate
CVE-2018-17184 was published for org.apache.syncope:syncope-core (Maven) Nov 6, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
python-gnupg vulnerable to shell injection Moderate
CVE-2014-1929 was published for python-gnupg (pip) Nov 6, 2018
Path Traversal in takeapeek Moderate
CVE-2018-16473 was published for takeapeek (npm) Nov 6, 2018
Stored Cross-Site Scripting in tianma-static Moderate
CVE-2018-16474 was published for tianma-static (npm) Nov 6, 2018
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database