Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,117 advisories

Loading
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization Critical
CVE-2018-1295 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication Critical
CVE-2016-4432 was published for org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (Maven) Oct 16, 2018
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal Critical
CVE-2017-12611 was published for org.apache.struts:struts2-core (Maven) Oct 16, 2018
sunSUNQ
The installation wizard in DotNetNuke (DNN) allows privilege escalation Critical
CVE-2015-2794 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
FasterXML jackson-databind allows unauthenticated remote code execution Critical
CVE-2018-7489 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
Critical severity vulnerability that affects recurly-api-client Critical
CVE-2017-0907 was published for recurly-api-client (NuGet) Oct 16, 2018
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization Critical
CVE-2017-3159 was published for org.apache.camel:camel-snakeyaml (Maven) Oct 16, 2018
sunSUNQ
jackson-databind is vulnerable to a deserialization flaw Critical
CVE-2017-7525 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 16, 2018
sunSUNQ
dojox vulnerable to unescaped string injection Critical
CVE-2018-15494 was published for dojox (npm) Oct 15, 2018
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Ansible fails to cache SSH host keys Critical
CVE-2013-2233 was published for ansible (pip) Oct 10, 2018
Ansible fails to properly sanitize fact variables sent from the Ansible controller Critical
CVE-2016-8628 was published for ansible (pip) Oct 10, 2018
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems Critical
CVE-2016-9587 was published for ansible (pip) Oct 10, 2018
Out-of-bounds Read in atob Critical
CVE-2018-3745 was published for atob (npm) Oct 9, 2018
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature Critical
CVE-2018-14643 was published for smart_proxy_dynflow (RubyGems) Oct 8, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Prototype Pollution in merge-recursive Critical
CVE-2018-3751 was published for merge-recursive (npm) Sep 18, 2018
Path Traversal in html-pages Critical
CVE-2018-3744 was published for html-pages (npm) Sep 18, 2018
ps Enables OS Command Injection Critical
CVE-2018-16460 was published for ps (npm) Sep 17, 2018
Command Injection in egg-scripts Critical
CVE-2018-3786 was published for egg-scripts (npm) Sep 17, 2018
tdunlap607
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
Sensitive Data Exposure in msrcrypto Critical
CVE-2018-8319 was published for msrcrypto (npm) Sep 10, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database