Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

113,773 advisories

Loading
Cross-Site Scripting in sanitize-html Moderate
CVE-2016-1000237 was published for sanitize-html (npm) Apr 16, 2020
Introspection in schema validation in Apollo Server Moderate
GHSA-w42g-7vfc-xf37 was published for apollo-server (npm) Jun 5, 2020
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
Use of insecure jQuery version in OctoberCMS Moderate
GHSA-v73w-r9xg-7cr9 was published for october/october (Composer) Jun 5, 2020
mrgswift
URL Redirection to Untrusted Site (Open Redirect) in Ktor Moderate
CVE-2019-19703 was published for io.ktor:ktor-client-core (Maven) Feb 12, 2020
Sanitizer bypass in svg-sanitizer Moderate
CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) Feb 27, 2020
Malicious package may avoid detection in python auditing Moderate
CVE-2020-5252 was published for safety (pip) Mar 24, 2020
akoumjian G-Rath
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Moderate
GHSA-7fhm-mqm4-2wp7 was published for acorn (npm) Mar 13, 2020 withdrawn
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Moderate
CVE-2017-12625 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Cross-Site Scripting in SVG Sanitizer Moderate
CVE-2020-11070 was published for t3g/svg-sanitizer (Composer) May 13, 2020
NeoBlack
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) Moderate
CVE-2016-7119 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate
CVE-2016-10006 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Moderate severity vulnerability that affects com.sparkjava:spark-core Moderate
CVE-2018-9159 was published for com.sparkjava:spark-core (Maven) Oct 19, 2018
Moderate severity vulnerability that affects rails-html-sanitizer Moderate
GHSA-77pc-q5q7-qg9h was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects activerecord Moderate
GHSA-7phj-gmgx-2r66 was published for activerecord (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database