GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
97,391 advisories
Filter by severity
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
High
GHSA-769f-539v-f5jg
was published
for
prestashop/gamification
(Composer)
Jan 8, 2020
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
High
GHSA-f884-gm86-cg3q
was published
for
prestashop/ps_facetedsearch
(Composer)
Jan 7, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Insecure Entropy Source - Math.random() in node-uuid
High
CVE-2015-8851
was published
for
node-uuid
(npm)
Apr 16, 2020
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Regular Expression Denial of Service in Acorn
High
GHSA-6chw-6frg-f759
was published
for
acorn
(npm)
Apr 3, 2020
discord-html not escaping HTML code blocks when lacking a language identifier
High
GHSA-9r27-994c-4xch
was published
for
discord-markdown
(npm)
Feb 24, 2020
Downloads Resources over HTTP in rs-brightcove
High
CVE-2016-10676
was published
for
rs-brightcove
(npm)
Feb 18, 2019
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Reflected XSS in GraphQL Playground
High
CVE-2020-4038
was published
for
graphql-playground-html
(npm)
Jun 9, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
High
GHSA-p94w-42g3-f7h4
was published
for
vp-toolkit
(npm)
Mar 6, 2020
Holder can generate proof of ownership for credentials it does not control in vp-toolkit
High
GHSA-ff5x-w9wg-h275
was published
for
vp-toolkit
(npm)
Mar 6, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
2FA bypass through deleting devices in wagtail-2fa
High
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
Deserialization of Untrusted Data in jackson-databind
High
GHSA-wrr7-33fx-rcvj
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API