GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113,773 advisories
Filter by severity
Cross-Site Scripting in sanitize-html
Moderate
CVE-2016-1000237
was published
for
sanitize-html
(npm)
Apr 16, 2020
Introspection in schema validation in Apollo Server
Moderate
GHSA-w42g-7vfc-xf37
was published
for
apollo-server
(npm)
Jun 5, 2020
Cross-Site Scripting (XSS) in Verdaccio
Moderate
CVE-2019-14772
was published
for
verdaccio
(npm)
May 29, 2019
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
Use of insecure jQuery version in OctoberCMS
Moderate
GHSA-v73w-r9xg-7cr9
was published
for
october/october
(Composer)
Jun 5, 2020
URL Redirection to Untrusted Site (Open Redirect) in Ktor
Moderate
CVE-2019-19703
was published
for
io.ktor:ktor-client-core
(Maven)
Feb 12, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)
Moderate
GHSA-7fhm-mqm4-2wp7
was published
for
acorn
(npm)
Mar 13, 2020
•
withdrawn
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
Arbitrary File Read in Snyk Broker
Moderate
CVE-2020-7652
was published
for
snyk-broker
(npm)
Jun 3, 2020
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate
CVE-2017-11429
was published
for
saml2-js
(npm)
Jul 5, 2019
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2016-10006
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core
Moderate
CVE-2018-9159
was published
for
com.sparkjava:spark-core
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects rails-html-sanitizer
Moderate
GHSA-77pc-q5q7-qg9h
was published
for
rails-html-sanitizer
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects activerecord
Moderate
GHSA-7phj-gmgx-2r66
was published
for
activerecord
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2016-8629
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Cross-Site Scripting in editor.md
Moderate
CVE-2019-9737
was published
for
editor.md
(npm)
Mar 14, 2019
ProTip!
Advisories are also available from the
GraphQL API