Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2020-12648 was published for tinymce (npm) Aug 11, 2020
tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
XSS in Django Moderate
CVE-2020-13596 was published for django (pip) Jun 5, 2020
tdunlap607
Data leakage via cache key collision in Django Moderate
CVE-2020-13254 was published for django (pip) Jun 5, 2020
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Loofah Allows Cross-site Scripting Moderate
CVE-2019-15587 was published for loofah (RubyGems) Nov 5, 2019
tdunlap607
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
Status Board vulnerable to Cross-Site Scripting before v1.1.82 Moderate
CVE-2019-15479 was published for status-board (npm) Sep 23, 2019
tdunlap607
Cross-Site Scripting in webtorrent Moderate
CVE-2019-15782 was published for webtorrent (npm) Sep 4, 2019
tdunlap607
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
tdunlap607
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
tdunlap607
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
Command Injection in command-exists Critical
GHSA-cff4-rrq6-h78w was published for command-exists (npm) Jun 3, 2019
tdunlap607
Insecure Comparison in secure-compare High
CVE-2015-9238 was published for secure-compare (npm) Jun 3, 2019
tdunlap607
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
tdunlap607
Cross-Site Scripting in webpack-bundle-analyzer Moderate
GHSA-pgr8-jg6h-8gw6 was published for webpack-bundle-analyzer (npm) May 23, 2019
tdunlap607
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-8825 was published for tensorflow (pip) Apr 24, 2019
tdunlap607
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
SQL Injection in sequelize High
CVE-2019-11069 was published for sequelize (npm) Apr 11, 2019
tdunlap607
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607
ProTip! Advisories are also available from the GraphQL API