GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
9,025 advisories
Filter by severity
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Moderate
CVE-2011-1948
was published
for
Plone
(pip)
Jul 23, 2018
Moderate severity vulnerability that affects Products.PlonePAS
Moderate
CVE-2009-0662
was published
for
Products.PlonePAS
(pip)
Jul 23, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server
Moderate
CVE-2018-3726
was published
for
crud-file-server
(npm)
Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Pysaml2 improperly initializes encryption vector
Moderate
CVE-2017-1000246
was published
for
pysaml2
(pip)
Jul 16, 2018
django-epiceditor vulnerable to XSS in form field
Moderate
CVE-2017-6591
was published
for
django-epiceditor
(pip)
Jul 13, 2018
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection
Moderate
CVE-2017-1002150
was published
for
python-fedora
(pip)
Jul 13, 2018
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773
was published
for
markdown2
(pip)
Jul 12, 2018
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Sinatra Cross-site Scripting vulnerability
Moderate
CVE-2018-11627
was published
for
sinatra
(RubyGems)
Jun 5, 2018
Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate
CVE-2018-11093
was published
for
@ckeditor/ckeditor5-link
(npm)
May 23, 2018
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2018-3741
was published
for
rails-html-sanitizer
(RubyGems)
Apr 26, 2018
Cross-Site Scripting in @risingstack/protect
Moderate
CVE-2018-1000160
was published
for
@risingstack/protect
(npm)
Apr 25, 2018
Uncontrolled resource consumption in nokogiri
Moderate
CVE-2017-18258
was published
for
nokogiri
(RubyGems)
Apr 13, 2018
Cross-site Scripting in loofah
Moderate
CVE-2018-8048
was published
for
loofah
(RubyGems)
Mar 21, 2018
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2015-1828
was published
for
http
(RubyGems)
Mar 13, 2018
rack-protection gem timing attack vulnerability when validating CSRF token
Moderate
CVE-2018-1000119
was published
for
rack-protection
(RubyGems)
Mar 7, 2018
Regular Expression Denial of Service in ssri
Moderate
CVE-2018-7651
was published
for
ssri
(npm)
Mar 7, 2018
rails_admin ruby gem XSS
Moderate
CVE-2017-12098
was published
for
rails_admin
(RubyGems)
Mar 5, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
ProTip!
Advisories are also available from the
GraphQL API