Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,989 advisories

Loading
Code Execution through IIFE in node-serialize Critical
CVE-2017-5941 was published for node-serialize (npm) Jul 18, 2018
Code Execution Through IIFE in serialize-to-js Critical
CVE-2017-5954 was published for serialize-to-js (npm) Jul 18, 2018
tdunlap607
Loaded Databook of Tablib prone to python insertion resulting in command execution Critical
CVE-2017-2810 was published for tablib (pip) Jul 13, 2018
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Unsafe deserialization in owlmixin Critical
CVE-2017-16618 was published for owlmixin (pip) Jul 13, 2018
Unsafe deserialization in MLAlchemy Critical
CVE-2017-16615 was published for MLAlchemy (pip) Jul 13, 2018
django_make_app is vulnerable to Code Injection Critical
CVE-2017-16764 was published for django_make_app (pip) Jul 13, 2018
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
Eve allows execution of arbitrary code Critical
CVE-2018-8097 was published for eve (pip) Jul 12, 2018
Paramiko not properly checking authentication before processing other requests Critical
CVE-2018-7750 was published for paramiko (pip) Jul 12, 2018
Malicious Package in eslint-scope Critical
GHSA-hxxf-q3w9-4xgw was published for eslint-config-eslint (npm) Jul 12, 2018
volkdm
Growl before 1.10.0 vulnerable to Command Injection Critical
CVE-2017-16042 was published for growl (npm) Jun 8, 2018
Arbitrary Code Injection in reduce-css-calc Critical
CVE-2016-10548 was published for reduce-css-calc (npm) Jun 7, 2018
Command Injection in pdfinfojs Critical
CVE-2018-3746 was published for pdfinfojs (npm) Jun 7, 2018
bson is vulnerable to denial of service due to incorrect regex validation Critical
CVE-2015-4412 was published for bson (RubyGems) Mar 5, 2018
paperclip Server-Side Request Forgery vulnerability Critical
CVE-2017-0889 was published for paperclip (RubyGems) Jan 22, 2018
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001003 was published for mathjs (npm) Dec 18, 2017
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Recurly gem Server-Side Request Forgery in Resource#find method Critical
CVE-2017-0905 was published for recurly (RubyGems) Dec 6, 2017
redis-store deserializes untrusted data Critical
CVE-2017-1000248 was published for redis-store (RubyGems) Dec 6, 2017
ejs is vulnerable to remote code execution due to weak input validation Critical
CVE-2017-1000228 was published for ejs (npm) Nov 30, 2017
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
keycloak-connect and keycloak-js improperly handle invalid tokens Critical
CVE-2017-7474 was published for keycloak-connect (npm) Nov 15, 2017
melkikh
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API