GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,715 advisories

Vulnerability in RPKI manifest validation High
GHSA-q76j-58cx-wp5v was published for net.ripe.rpki:rpki-validator-3 (Maven) Nov 13, 2020
Remote Code Execution in pomelo-monitor High
GHSA-m5ch-gx8g-rg73 was published for pomelo-monitor (npm) Sep 2, 2020
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
File restriction bypass in socket.io-file High
GHSA-6495-8jvh-f28x was published for socket.io-file (npm) Oct 2, 2020
Remote Code Execution in office-converter High
GHSA-9p64-h5q4-phpm was published for office-converter (npm) Sep 2, 2020
Remote Code Execution in pi_video_recording High
GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) Sep 2, 2020
DNN (aka DotNetNuke) has Remote Code Execution via a cookie High
CVE-2017-9822 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Denial of service in XStream High
CVE-2017-7957 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
The REST Plugin in Apache Struts is using an outdated XStream library High
CVE-2017-9793 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022