GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

93,478 advisories

Downloads Resources over HTTP in bionode-sra High
CVE-2016-10613 was published for bionode-sra (npm) Feb 18, 2019
High severity vulnerability that affects DotNetZip High
CVE-2018-1002205 was published for DotNetZip (NuGet) Oct 16, 2018
Default Express middleware security check is ignored in production High
GHSA-4j6x-w426-6rc6 was published for @cubejs-backend/api-gateway (npm) Nov 8, 2019
In blynk-server a Directory Traversal exists High
CVE-2018-17785 was published for com.github.blynkkk:blynk-server (Maven) Oct 17, 2018
Apache Tika does not properly initialize the XML parser or choose handlers High
CVE-2016-4434 was published for org.apache.tika:tika-core (Maven) Oct 17, 2018
Downloads Resources over HTTP in baryton-saxophone High
CVE-2016-10573 was published for baryton-saxophone (npm) Feb 18, 2019
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Downloads Resources over HTTP in webrtc-native High
CVE-2016-10600 was published for webrtc-native (npm) Feb 18, 2019
Pycrypto generates weak key parameters High
CVE-2018-6594 was published for pycrypto (pip) Jul 12, 2018
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0639 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
Authentication Bypass in passport-azure-ad High
CVE-2016-7191 was published for passport-azure-ad (npm) Jul 26, 2018
Downloads Resources over HTTP in mongodb-instance High
CVE-2016-10572 was published for mongodb-instance (npm) Feb 18, 2019
Path Traversal in http-live-simulator High
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua High
CVE-2018-12086 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
Downloads Resources over HTTP in operadriver High
CVE-2016-10565 was published for operadriver (npm) Feb 18, 2019
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers High
CVE-2018-1000164 was published for gunicorn (pip) Jul 12, 2018
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode High
CVE-2016-1000344 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
Downloads Resources over HTTP in curses High
CVE-2016-10615 was published for curses (npm) Feb 18, 2019
Downloads Resources over HTTP in box2d-native High
CVE-2016-10617 was published for box2d-native (npm) Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver-zxa High
CVE-2016-10623 was published for macaca-chromedriver-zxa (npm) Feb 18, 2019
Ansible fails to cache SSH host keys High
CVE-2013-2233 was published for ansible (pip) Oct 10, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn