GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
97,391 advisories
Filter by severity
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Downloads Resources over HTTP in selenium-download
High
CVE-2016-10559
was published
for
selenium-download
(npm)
Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone
High
CVE-2016-10694
was published
for
alto-saxophone
(npm)
Jul 31, 2018
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0773
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Regular Expression Denial of Service in websocket-extensions (NPM package)
High
CVE-2020-7662
was published
for
websocket-extensions
(npm)
Jun 5, 2020
Downloads Resources over HTTP in selenium-standalone-painful
High
CVE-2016-10679
was published
for
selenium-standalone-painful
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cmake
High
CVE-2016-10642
was published
for
cmake
(npm)
Aug 15, 2018
Path Traversal in simplehttpserver
High
CVE-2018-16493
was published
for
static-resource-server
(npm)
Feb 7, 2019
Downloads Resources over HTTP in grunt-webdriver-qunit
High
CVE-2016-10606
was published
for
grunt-webdriver-qunit
(npm)
Feb 18, 2019
Downloads Resources over HTTP in bkjs-wand
High
CVE-2016-10571
was published
for
bkjs-wand
(npm)
Feb 18, 2019
Downloads Resources over HTTP in google-closure-tools-latest
High
CVE-2016-10677
was published
for
google-closure-tools-latest
(npm)
Feb 18, 2019
Downloads Resources over HTTP in selenium-portal
High
CVE-2016-10667
was published
for
selenium-portal
(npm)
Feb 18, 2019
High severity vulnerability that affects org.apache.tika:tika-core
High
CVE-2018-11761
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Downloads Resources over HTTP in mystem3
High
CVE-2016-10626
was published
for
mystem3
(npm)
Feb 18, 2019
Regular Expression Denial of Service in negotiator
High
CVE-2016-10539
was published
for
negotiator
(npm)
Oct 9, 2018
ASP.NET Core allow an elevation of privilege
High
CVE-2018-0787
was published
for
Microsoft.AspNetCore.HttpOverrides
(NuGet)
Oct 16, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Downloads Resources over HTTP in scala-bin
High
CVE-2016-10627
was published
for
scala-bin
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API