GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
93,441 advisories
Filter by severity
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
High
CVE-2018-1000164
was published
for
gunicorn
(pip)
Jul 12, 2018
High severity vulnerability that affects mercurial
High
CVE-2017-9462
was published
for
mercurial
(pip)
Jul 13, 2018
FedMsg not properly completing message validation
High
CVE-2017-1000001
was published
for
FedMsg
(pip)
Jul 13, 2018
High severity vulnerability that affects cfscrape
High
CVE-2017-7235
was published
for
cfscrape
(pip)
Jul 13, 2018
pysaml2 Improper Authentication vulnerability
High
CVE-2017-1000433
was published
for
pysaml2
(pip)
Jul 13, 2018
Pysaml2 does not sanitize XML responses
High
CVE-2016-10149
was published
for
pysaml2
(pip)
Jul 16, 2018
Withdrawn Advisory: mariadb was malware
High
CVE-2017-16046
was published
for
mariadb
(npm)
Jul 18, 2018
•
withdrawn
Path Traversal in crud-file-server
High
CVE-2018-3733
was published
for
crud-file-server
(npm)
Jul 18, 2018
Denial of Service vulnerability with large JSON payloads in fastify
High
CVE-2018-3711
was published
for
fastify
(npm)
Jul 18, 2018
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
High
CVE-2017-16138
was published
for
mime
(npm)
Jul 20, 2018
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
Django-piston and Django-tastypie do not properly deserialize YAML data
High
CVE-2011-4103
was published
for
django-piston
(pip)
Jul 23, 2018
High severity vulnerability that affects Plone and Zope2
High
CVE-2011-2528
was published
for
Plone
(pip)
Jul 23, 2018
Directory Traversal in dgard8.lab6
High
CVE-2017-16218
was published
for
dgard8.lab6
(npm)
Jul 23, 2018
Directory Traversal in fbr-client
High
CVE-2017-16217
was published
for
fbr-client
(npm)
Jul 23, 2018
Directory Traversal in jn_jj_server
High
CVE-2017-16210
was published
for
jn_jj_server
(npm)
Jul 23, 2018
Directory Traversal in quickserver
High
CVE-2017-16196
was published
for
quickserver
(npm)
Jul 23, 2018
ProTip!
Advisories are also available from the
GraphQL API