GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
298 advisories
Filter by severity
Regular Expression Denial of Service in charset
High
CVE-2017-16098
was published
for
charset
(npm)
Aug 9, 2018
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High
CVE-2018-1000656
was published
for
flask
(pip)
Aug 23, 2018
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
PyOpenSSL Use-After-Free vulnerability
High
CVE-2018-1000807
was published
for
pyopenssl
(pip)
Oct 10, 2018
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
High
CVE-2017-14949
was published
for
org.restlet.jse:org.restlet
(Maven)
Oct 17, 2018
Excessive memory allocation
Moderate
CVE-2018-12541
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical
CVE-2018-12542
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical
CVE-2018-18389
was published
for
org.neo4j:neo4j-enterprise
(Maven)
Oct 17, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
mysql-bunuuid-rails vulnerable to SQL injection
Critical
CVE-2018-18476
was published
for
mysql-binuuid-rails
(RubyGems)
Oct 30, 2018
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
PyKMIP Denial of service vulnerability
High
CVE-2018-1000872
was published
for
pykmip
(pip)
Dec 21, 2018
Django denial-of-service possibility in urlize and urlizetrunc template filters
Moderate
CVE-2018-7536
was published
for
Django
(pip)
Jan 4, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Pylons Colander Denial of Service vulnerability
High
CVE-2017-18361
was published
for
colander
(pip)
Feb 7, 2019
Uncontrolled Memory Consumption in Django
High
CVE-2019-6975
was published
for
Django
(pip)
Feb 12, 2019
ProTip!
Advisories are also available from the
GraphQL API