GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113,770 advisories
Filter by severity
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Hard-Coded Key Used For Remember-me Token in Opencast
Moderate
CVE-2020-5222
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
Sandbox bypass in constantinople
Moderate
GHSA-hg7c-66ff-9q8g
was published
for
constantinople
(npm)
Jul 31, 2020
•
withdrawn
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
path traversal in Jooby
Moderate
CVE-2020-7647
was published
for
io.jooby:jooby
(Maven)
May 13, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
Persistent Cross-Site scripting in Nexus Repository Manager
Moderate
CVE-2020-10203
was published
for
org.sonatype.nexus:nexus-core
(Maven)
Apr 14, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended
Moderate
GHSA-qh62-ch95-63wh
was published
for
python-gnupg
(pip)
Mar 13, 2020
•
withdrawn
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-23v3-qfrj-wmgh
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Path Traversal in statics-server
Moderate
CVE-2019-15596
was published
for
statics-server
(npm)
Mar 31, 2020
Cross-Site Scripting in sanitize-html
Moderate
CVE-2016-1000237
was published
for
sanitize-html
(npm)
Apr 16, 2020
ProTip!
Advisories are also available from the
GraphQL API