GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27,836 advisories
Filter by severity
No Charset in Content-Type Header in express
Moderate
CVE-2014-6393
was published
for
express
(npm)
Oct 23, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Stored Cross-Site Scripting in tianma-static
Moderate
CVE-2018-16474
was published
for
tianma-static
(npm)
Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator
Moderate
CVE-2014-9772
was published
for
validator
(npm)
Nov 6, 2018
Cross-Site Scripting in nunjucks
Moderate
CVE-2016-10547
was published
for
nunjucks
(npm)
Nov 6, 2018
Pandao editor.md vulnerable to DOM XSS
Moderate
CVE-2018-19056
was published
for
editor.md
(npm)
Nov 9, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Moderate
CVE-2017-7678
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Cross-Site Scripting (XSS) in restify
Moderate
CVE-2017-16018
was published
for
restify
(npm)
Nov 9, 2018
Cross-Site Scripting in sanitize-html
Moderate
CVE-2017-16017
was published
for
sanitize-html
(npm)
Nov 9, 2018
Cross-Site Scripting in morris.js
Moderate
CVE-2017-16022
was published
for
morris.js
(npm)
Nov 9, 2018
Cross-Site Scripting in sanitize-html
Moderate
CVE-2017-16016
was published
for
sanitize-html
(npm)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Cross-Site Scripting in html-janitor
Moderate
CVE-2017-0931
was published
for
html-janitor
(npm)
Nov 9, 2018
Rack vulnerable to Cross-site Scripting
Moderate
CVE-2018-16471
was published
for
rack
(RubyGems)
Nov 15, 2018
Jupyter Notebook XSS via untrusted notebooks
Moderate
CVE-2018-19351
was published
for
notebook
(pip)
Nov 21, 2018
Jupyter Notebook XSS via directory name
Moderate
CVE-2018-19352
was published
for
notebook
(pip)
Nov 21, 2018
Ckeditor XSS Vulnerability
Moderate
CVE-2018-17960
was published
for
ckeditor
(Composer)
Nov 21, 2018
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Flask-Admin Cross-site Scripting vulnerability
Moderate
CVE-2018-16516
was published
for
flask-admin
(pip)
Dec 19, 2018
ProTip!
Advisories are also available from the
GraphQL API