Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,644 advisories

Loading
Reverse Tabnapping in swagger-ui Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Denial of Service in mem Moderate
GHSA-4xcv-9jjx-gfj3 was published for mem (npm) Jul 5, 2019
Cross-Site Scripting in @nuxt/devalue Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Cross-Site Scripting in cyberchef Moderate
CVE-2019-15532 was published for cyberchef (npm) Aug 27, 2019
Cross-Site Scripting in dojo Moderate
CVE-2010-2273 was published for dojo (npm) Sep 11, 2019
Cross-Site Scripting in status-board Moderate
CVE-2019-15478 was published for status-board (npm) Sep 23, 2019
Cross-Site Scripting in keystone Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) Aug 20, 2020 withdrawn
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Denial of service via deserialization attack in nifi Moderate
CVE-2017-15703 was published for org.apache.nifi:nifi-framework-cluster-protocol (Maven) Oct 25, 2019
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
Unsafe Identifiers in Opencast Moderate
CVE-2020-5230 was published for org.opencastproject:base (Maven) Jan 30, 2020
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack Moderate
CVE-2020-5234 was published for MessagePack (NuGet) Jan 31, 2020
Cross-Site Scripting in selectize-plugin-a11y Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) Aug 27, 2019
Denial of Service in rgb2hex Moderate
GHSA-65p8-3hm4-h9h8 was published for rgb2hex (npm) Aug 23, 2019
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke Moderate
CVE-2019-12562 was published for DotNetNuke.Core (NuGet) Nov 18, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
possible DoS caused by malformed signature decoding in Pure-Python ECDSA Moderate
GHSA-2mrj-435v-c2cr was published for ecdsa (pip) Dec 2, 2019 withdrawn
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
Persistent XSS vulnerability in filename of attached file in PrivateBin Moderate
CVE-2020-5223 was published for privatebin/privatebin (Composer) Jan 14, 2020
ProTip! Advisories are also available from the GraphQL API