GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,644 advisories
Filter by severity
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
Moderate
CVE-2019-10782
was published
for
com.puppycrawl.tools:checkstyle
(Maven)
Jan 31, 2020
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Hard-Coded Key Used For Remember-me Token in Opencast
Moderate
CVE-2020-5222
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Improper Restriction of XML External Entity Reference in Apache Olingo
Moderate
CVE-2019-17554
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
HTTP Response Splitting in Styx
Moderate
CVE-2020-6858
was published
for
com.hotels.styx:styx-api
(Maven)
Mar 3, 2020
Sandbox bypass in constantinople
Moderate
GHSA-hg7c-66ff-9q8g
was published
for
constantinople
(npm)
Jul 31, 2020
•
withdrawn
Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Moderate
CVE-2020-5268
was published
for
Sustainsys.Saml2
(NuGet)
Apr 22, 2020
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
path traversal in Jooby
Moderate
CVE-2020-7647
was published
for
io.jooby:jooby
(Maven)
May 13, 2020
Incorrect Default Permissions in keyring
Moderate
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
Persistent Cross-Site scripting in Nexus Repository Manager
Moderate
CVE-2020-10203
was published
for
org.sonatype.nexus:nexus-core
(Maven)
Apr 14, 2020
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
python-gnupg allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended
Moderate
GHSA-qh62-ch95-63wh
was published
for
python-gnupg
(pip)
Mar 13, 2020
•
withdrawn
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Moderate
CVE-2020-5262
was published
for
easybuild-framework
(pip)
Mar 19, 2020
Path Traversal in statics-server
Moderate
CVE-2019-15596
was published
for
statics-server
(npm)
Mar 31, 2020
ProTip!
Advisories are also available from the
GraphQL API