GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
93,478 advisories
Filter by severity
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
High severity vulnerability that affects DotNetZip
High
CVE-2018-1002205
was published
for
DotNetZip
(NuGet)
Oct 16, 2018
Default Express middleware security check is ignored in production
High
GHSA-4j6x-w426-6rc6
was published
for
@cubejs-backend/api-gateway
(npm)
Nov 8, 2019
In blynk-server a Directory Traversal exists
High
CVE-2018-17785
was published
for
com.github.blynkkk:blynk-server
(Maven)
Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers
High
CVE-2016-4434
was published
for
org.apache.tika:tika-core
(Maven)
Oct 17, 2018
Downloads Resources over HTTP in baryton-saxophone
High
CVE-2016-10573
was published
for
baryton-saxophone
(npm)
Feb 18, 2019
High severity vulnerability that affects privacyIDEA
High
CVE-2018-1000809
was published
for
privacyIDEA
(pip)
Jan 14, 2019
Downloads Resources over HTTP in webrtc-native
High
CVE-2016-10600
was published
for
webrtc-native
(npm)
Feb 18, 2019
Pycrypto generates weak key parameters
High
CVE-2018-6594
was published
for
pycrypto
(pip)
Jul 12, 2018
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0639
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Mitmweb in mitmproxy allows DNS Rebinding attacks
High
CVE-2018-14505
was published
for
mitmproxy
(pip)
Jul 31, 2018
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Downloads Resources over HTTP in mongodb-instance
High
CVE-2016-10572
was published
for
mongodb-instance
(npm)
Feb 18, 2019
Path Traversal in http-live-simulator
High
CVE-2018-16479
was published
for
http-live-simulator
(npm)
Feb 7, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
High
CVE-2018-12086
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Downloads Resources over HTTP in operadriver
High
CVE-2016-10565
was published
for
operadriver
(npm)
Feb 18, 2019
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
High
CVE-2018-1000164
was published
for
gunicorn
(pip)
Jul 12, 2018
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
High
CVE-2016-1000344
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 18, 2018
Downloads Resources over HTTP in curses
High
CVE-2016-10615
was published
for
curses
(npm)
Feb 18, 2019
Downloads Resources over HTTP in box2d-native
High
CVE-2016-10617
was published
for
box2d-native
(npm)
Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver-zxa
High
CVE-2016-10623
was published
for
macaca-chromedriver-zxa
(npm)
Feb 18, 2019
Ansible fails to cache SSH host keys
High
CVE-2013-2233
was published
for
ansible
(pip)
Oct 10, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
High severity vulnerability that affects qs
High
GHSA-crvj-3gj9-gm2p
was published
for
qs
(npm)
Oct 9, 2018
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API