GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
112,833 advisories
Filter by severity
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-23v3-qfrj-wmgh
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Path Traversal in statics-server
Moderate
CVE-2019-15596
was published
for
statics-server
(npm)
Mar 31, 2020
Cross-Site Scripting in sanitize-html
Moderate
CVE-2016-1000237
was published
for
sanitize-html
(npm)
Apr 16, 2020
SQL injection in Tortoise ORM
Moderate
CVE-2020-11010
was published
for
tortoise-orm
(pip)
Apr 20, 2020
Introspection in schema validation in Apollo Server
Moderate
GHSA-w42g-7vfc-xf37
was published
for
apollo-server
(npm)
Jun 5, 2020
Cross-Site Scripting (XSS) in Verdaccio
Moderate
CVE-2019-14772
was published
for
verdaccio
(npm)
May 29, 2019
Use of insecure jQuery version in OctoberCMS
Moderate
GHSA-v73w-r9xg-7cr9
was published
for
october/october
(Composer)
Jun 5, 2020
Information disclosure in JBoss Weld
Moderate
CVE-2014-8122
was published
for
org.jboss.weld:weld-core-bom
(Maven)
Jun 10, 2020
URL Redirection to Untrusted Site (Open Redirect) in Ktor
Moderate
CVE-2019-19703
was published
for
io.ktor:ktor-client-core
(Maven)
Feb 12, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution)
Moderate
GHSA-7fhm-mqm4-2wp7
was published
for
acorn
(npm)
Mar 13, 2020
•
withdrawn
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Malicious package may avoid detection in python auditing
Moderate
CVE-2020-5252
was published
for
safety
(pip)
Mar 24, 2020
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
Arbitrary File Read in Snyk Broker
Moderate
CVE-2020-7652
was published
for
snyk-broker
(npm)
Jun 3, 2020
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16407
was published
for
mayan-edms
(pip)
Sep 6, 2018
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2016-10006
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16406
was published
for
mayan-edms
(pip)
Sep 6, 2018
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate
CVE-2017-11429
was published
for
saml2-js
(npm)
Jul 5, 2019
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
ProTip!
Advisories are also available from the
GraphQL API