Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

157 advisories

Loading
Ansible Leaks Data Passed to ssh-keygen High
CVE-2018-16837 was published for ansible (pip) May 13, 2022
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID High
CVE-2020-12691 was published for keystone (pip) May 24, 2022
Craft CMS Vulnerable to Server-Side Template Injection High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
apk-parser2 downloads Resources over HTTP High
CVE-2016-10632 was published for apk-parser2 (npm) Sep 18, 2018
ibm_db downloads Resources over HTTP High
CVE-2016-10577 was published for ibm_db (npm) Feb 18, 2019
arrayfire-js downloads Resources over HTTP High
CVE-2016-10598 was published for arrayfire-js (npm) Feb 18, 2019
mystem downloads Resources over HTTP High
CVE-2016-10664 was published for mystem (npm) Feb 18, 2019
scalajs-standalone-bin Downloads Resources over HTTP High
CVE-2016-10634 was published for scalajs-standalone-bin (npm) Feb 18, 2019
closurecompiler downloads Resources over HTTP High
CVE-2016-10582 was published for closurecompiler (npm) Feb 18, 2019
grunt-images downloads Resources over HTTP High
CVE-2016-10645 was published for grunt-images (npm) Aug 15, 2018
frames-compiler downloads Resources over HTTP High
CVE-2016-10649 was published for frames-compiler (npm) Sep 1, 2020
poco downloads Resources over HTTP High
CVE-2016-10659 was published for poco (npm) Feb 18, 2019
windows-build-tools downloads Resources over HTTP High
CVE-2017-16003 was published for windows-build-tools (npm) Nov 9, 2018
herbivore downloads Resources over HTTP High
CVE-2016-10665 was published for herbivore (npm) Feb 18, 2019
headless-browser-lite downloads Resources over HTTP High
CVE-2016-10625 was published for headless-browser-lite (npm) Feb 18, 2019
fuseki downloads Resources over HTTP High
CVE-2016-10576 was published for fuseki (npm) Feb 18, 2019
slimerjs-edge downloads Resources over HTTP High
CVE-2016-10644 was published for slimerjs-edge (npm) Aug 15, 2018
jdf-sass downloads Resources over HTTP High
CVE-2016-10595 was published for jdf-sass (npm) Feb 18, 2019
windows-selenium-chromedriver downloads Resources over HTTP High
CVE-2016-10687 was published for windows-selenium-chromedriver (npm) Sep 1, 2020
xd-testing Downloads Resources over HTTP High
CVE-2016-10653 was published for xd-testing (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API