GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
93,441 advisories
Information disclosure through error object in auth0.js
High | CVE-2020-5263 was published for auth0-js (npm) | Apr 10, 2020

Deserialization of Untrusted Data in jackson-databind
High | GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) | Jun 15, 2020 • withdrawn

Uncontrolled Resource Consumption in Indy Node
High | CVE-2020-11090 was published for indy-node (pip) | Jun 11, 2020

Private data exposure via REST API in BuddyPress
High | CVE-2020-5244 was published for buddypress/buddypress (Composer) | Feb 24, 2020

Information disclosure in parse-server
High | CVE-2020-5251 was published for parse-server (npm) | Mar 4, 2020

Incorrect Default Permissions in keyring
High | CVE-2012-5577 was published for keyring (pip) | Mar 11, 2020

Read permissions not enforced for client provided filter expressions in Elide.
High | CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) | Mar 30, 2020

Downloads Resources over HTTP in selenium-download
High | CVE-2016-10559 was published for selenium-download (npm) | Feb 18, 2019

Downloads Resources over HTTP in alto-saxophone
High | CVE-2016-10694 was published for alto-saxophone (npm) | Jul 31, 2018

Prototype Pollution Protection Bypass in qs
High | CVE-2017-1000048 was published for qs (npm) | Apr 30, 2020

Regular Expression Denial of Service in websocket-extensions (NPM package)
High | CVE-2020-7662 was published for websocket-extensions (npm) | Jun 5, 2020

Downloads Resources over HTTP in selenium-standalone-painful
High | CVE-2016-10679 was published for selenium-standalone-painful (npm) | Feb 18, 2019

Downloads Resources over HTTP in cmake
High | CVE-2016-10642 was published for cmake (npm) | Aug 15, 2018

High severity vulnerability that affects Microsoft.ChakraCore
High | CVE-2019-0773 was published for Microsoft.ChakraCore (NuGet) | Apr 9, 2019

Path Traversal in simplehttpserver
High | CVE-2018-16493 was published for static-resource-server (npm) | Feb 7, 2019

Downloads Resources over HTTP in grunt-webdriver-qunit
High | CVE-2016-10606 was published for grunt-webdriver-qunit (npm) | Feb 18, 2019

Downloads Resources over HTTP in bkjs-wand
High | CVE-2016-10571 was published for bkjs-wand (npm) | Feb 18, 2019

High severity vulnerability that affects cfscrape
High | CVE-2017-7235 was published for cfscrape (pip) | Jul 13, 2018

Downloads Resources over HTTP in selenium-portal
High | CVE-2016-10667 was published for selenium-portal (npm) | Feb 18, 2019

High severity vulnerability that affects org.apache.tika:tika-core
High | CVE-2018-11761 was published for org.apache.tika:tika-core (Maven) | Oct 17, 2018

Downloads Resources over HTTP in google-closure-tools-latest
High | CVE-2016-10677 was published for google-closure-tools-latest (npm) | Feb 18, 2019

Downloads Resources over HTTP in mystem3
High | CVE-2016-10626 was published for mystem3 (npm) | Feb 18, 2019

Regular Expression Denial of Service in negotiator
High | CVE-2016-10539 was published for negotiator (npm) | Oct 9, 2018

ProTip! Advisories are also available from the GraphQL API