Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,644 advisories

Loading
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)) Moderate
CVE-2019-10782 was published for com.puppycrawl.tools:checkstyle (Maven) Jan 31, 2020
JLLeitschuh
Users with ROLE_COURSE_ADMIN can create new users in Opencast Moderate
CVE-2020-5231 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
Hard-Coded Key Used For Remember-me Token in Opencast Moderate
CVE-2020-5222 was published for org.opencastproject:opencast-kernel (Maven) Jan 30, 2020
LukasKalbertodt
Improper Restriction of XML External Entity Reference in Apache Olingo Moderate
CVE-2019-17554 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh
Link Following in rply Moderate
CVE-2014-1938 was published for rply (pip) Mar 11, 2020
Sandbox bypass in constantinople Moderate
GHSA-hg7c-66ff-9q8g was published for constantinople (npm) Jul 31, 2020 withdrawn
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET Moderate
CVE-2020-5268 was published for Sustainsys.Saml2 (NuGet) Apr 22, 2020
Potential Observable Timing Discrepancy in Wagtail Moderate
CVE-2020-11037 was published for wagtail (pip) May 7, 2020
thibaudcolas
path traversal in Jooby Moderate
CVE-2020-7647 was published for io.jooby:jooby (Maven) May 13, 2020
Incorrect Default Permissions in keyring Moderate
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode Moderate
CVE-2019-10785 was published for dojox (npm) Feb 13, 2020
JLLeitschuh
Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library. Moderate
CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet) Apr 14, 2020
Cross-Site Scripting in BookStack Moderate
CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) May 7, 2020
XSS in Apache Airflow Moderate
CVE-2019-12398 was published for apache-airflow (pip) May 6, 2020
XSS in TinyMCE Moderate
CVE-2019-1010091 was published for tinymce (npm) May 11, 2020
XSS in Dolibarr Moderate
CVE-2020-13094 was published for dolibarr/dolibarr (Composer) May 21, 2020
Cross-site scripting in PHPMailer Moderate
CVE-2017-11503 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended Moderate
GHSA-qh62-ch95-63wh was published for python-gnupg (pip) Mar 13, 2020 withdrawn
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
vogon101
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs Moderate
CVE-2020-5262 was published for easybuild-framework (pip) Mar 19, 2020
zao boegel
Path Traversal in statics-server Moderate
CVE-2019-15596 was published for statics-server (npm) Mar 31, 2020
ProTip! Advisories are also available from the GraphQL API