GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
967 advisories
Filter by severity
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
High
GHSA-pcjh-6r5h-r92r
was published
for
django-sendfile2
(pip)
Aug 11, 2022
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Negative charge in shopping cart in Shopizer
Critical
CVE-2020-11007
was published
for
com.shopizer:sm-core-model
(Maven)
Apr 22, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Validation Bypass in slp-validate
Critical
CVE-2019-16761
was published
for
slp-validate
(npm)
Nov 15, 2019
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Prototype Pollution in merge-options
Critical
CVE-2018-3752
was published
for
merge-options
(npm)
Oct 9, 2018
Moderate severity vulnerability that affects mailman
Moderate
CVE-2018-13796
was published
for
mailman
(pip)
Sep 11, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
Deserialization Code Execution in js-yaml
Critical
CVE-2013-4660
was published
for
js-yaml
(npm)
Oct 24, 2017
Denial of service in XStream
High
CVE-2017-7957
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Jun 30, 2020
Forgeable Public/Private Tokens in jwt-simple
Critical
CVE-2016-10555
was published
for
jwt-simple
(npm)
Nov 6, 2018
ProTip!
Advisories are also available from the
GraphQL API