GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
413 advisories
Filter by severity
actionpack allows remote code execution via application's unrestricted use of render method
High
CVE-2016-2098
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
nori contains Improper Input Validation
High
CVE-2013-0285
was published
for
nori
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-3567
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
Mail Gem Improper Input Validation vulnerability
High
CVE-2012-2140
was published
for
mail
(RubyGems)
Oct 24, 2017
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
Ox gem crashes due to a crafted input
High
CVE-2017-15928
was published
for
ox
(RubyGems)
Nov 21, 2017
ejs vulnerable to DoS due to weak input validation
High
CVE-2017-1000189
was published
for
ejs
(npm)
Mar 5, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
High
CVE-2018-3740
was published
for
sanitize
(RubyGems)
Mar 21, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High
CVE-2018-1000136
was published
for
electron
(npm)
Mar 26, 2018
FedMsg not properly completing message validation
High
CVE-2017-1000001
was published
for
FedMsg
(pip)
Jul 13, 2018
cfscrape Improper Input Validation vulnerability
High
CVE-2017-7235
was published
for
cfscrape
(pip)
Jul 13, 2018
feedparser denial of service vulnerability
High
CVE-2011-1156
was published
for
feedparser
(pip)
Jul 23, 2018
Prototype Pollution in mixin-deep
High
CVE-2018-3719
was published
for
mixin-deep
(npm)
Jul 26, 2018
PyCA Cryptography vulnerable to GCM tag forgery
High
CVE-2018-10903
was published
for
cryptography
(pip)
Jul 31, 2018
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
High
CVE-2018-1000656
was published
for
flask
(pip)
Aug 23, 2018
Topydo Improper Input Validation vulnerability
High
CVE-2018-1000523
was published
for
topydo
(pip)
Sep 13, 2018
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
High
CVE-2016-9587
was published
for
ansible
(pip)
Oct 10, 2018
ProTip!
Advisories are also available from the
GraphQL API