Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

7,021 advisories

Loading
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Authentication Weakness in keystone High
CVE-2015-9240 was published for keystone (npm) Jun 7, 2018
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
Denial of Service in ecstatic High
CVE-2015-9242 was published for ecstatic (npm) Jun 7, 2018
tdunlap607
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
Cap-Strap gem for Ruby places credentials on the useradd command line High
CVE-2014-4992 was published for cap-strap (RubyGems) Mar 16, 2018
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
brbackup exposes database password to unauthorized users High
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
ejs vulnerable to DoS due to weak input validation High
CVE-2017-1000189 was published for ejs (npm) Mar 5, 2018
Regular Expression Denial of Service in moment High
CVE-2017-18214 was published for moment (npm) Mar 5, 2018
tdunlap607
ReDoS in brace-expansion High
CVE-2017-18077 was published for brace-expansion (npm) Jan 29, 2018
Omniauth allows POST parameters to be stored in session High
CVE-2017-18076 was published for omniauth (RubyGems) Jan 29, 2018
Directory traversal vulnerability in Next.js High
CVE-2018-6184 was published for next (npm) Jan 24, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users High
CVE-2014-5002 was published for lynx (RubyGems) Jan 24, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
Denial of Service in ecstatic High
CVE-2016-10703 was published for ecstatic (npm) Dec 28, 2017
ProTip! Advisories are also available from the GraphQL API