Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

93,441 advisories

Loading
Arbitrary File Write in iobroker.js-controller High
CVE-2019-10767 was published for iobroker.js-controller (npm) Dec 2, 2019
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841 High
GHSA-f884-gm86-cg3q was published for prestashop/ps_facetedsearch (Composer) Jan 7, 2020
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841 High
GHSA-769f-539v-f5jg was published for prestashop/gamification (Composer) Jan 8, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo High
CVE-2020-1925 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
graphite.composer.views.send_email vulnerable to SSRF High
CVE-2017-18638 was published for graphite-web (pip) Oct 25, 2019
JLLeitschuh alex
orangetw
Downloads Resources over HTTP in rs-brightcove High
CVE-2016-10676 was published for rs-brightcove (npm) Feb 18, 2019
discord-html not escaping HTML code blocks when lacking a language identifier High
GHSA-9r27-994c-4xch was published for discord-markdown (npm) Feb 24, 2020
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
Double Free in psutil High
CVE-2019-18874 was published for psutil (pip) Mar 12, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Holder can generate proof of ownership for credentials it does not control in vp-toolkit High
GHSA-ff5x-w9wg-h275 was published for vp-toolkit (npm) Mar 6, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 thiagomayllart
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
ProTip! Advisories are also available from the GraphQL API