Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

109,805 advisories

Loading
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
discord-html not escaping HTML code blocks when lacking a language identifier High
GHSA-9r27-994c-4xch was published for discord-markdown (npm) Feb 24, 2020
Downloads Resources over HTTP in rs-brightcove High
CVE-2016-10676 was published for rs-brightcove (npm) Feb 18, 2019
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
Holder can generate proof of ownership for credentials it does not control in vp-toolkit High
GHSA-ff5x-w9wg-h275 was published for vp-toolkit (npm) Mar 6, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 thiagomayllart
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Deserialization of Untrusted Data in jackson-databind High
GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020 withdrawn
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Read permissions not enforced for client provided filter expressions in Elide. High
CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) Mar 30, 2020
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0773 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Path Traversal in simplehttpserver High
CVE-2018-16493 was published for static-resource-server (npm) Feb 7, 2019
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database