GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24,036 advisories
Filter by severity
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
Sandbox Breakout in realms-shim
Critical
GHSA-6jg8-7333-554w
was published
for
realms-shim
(npm)
Oct 4, 2019
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Critical
CVE-2018-15531
was published
for
net.bull.javamelody:javamelody-core
(Maven)
Oct 17, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical
CVE-2018-3783
was published
for
flintcms
(npm)
Aug 21, 2018
Prototype Pollution in merge-options
Critical
CVE-2018-3752
was published
for
merge-options
(npm)
Oct 9, 2018
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Critical
CVE-2019-7644
was published
for
Auth0-WCF-Service-JWT
(NuGet)
Apr 18, 2019
Critical severity vulnerability that affects recurly-api-client
Critical
CVE-2017-0907
was published
for
recurly-api-client
(NuGet)
Oct 16, 2018
Command Injection in macaddress
Critical
CVE-2018-13797
was published
for
macaddress
(npm)
Sep 6, 2018
Authentication Bypass in hapi-auth-jwt2
Critical
CVE-2016-10525
was published
for
hapi-auth-jwt2
(npm)
Feb 18, 2019
The installation wizard in DotNetNuke (DNN) allows privilege escalation
Critical
CVE-2015-2794
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Critical severity vulnerability that affects org.apache.solr:solr-core
Critical
CVE-2019-0192
was published
for
org.apache.solr:solr-core
(Maven)
Mar 14, 2019
Critical severity vulnerability that affects Haraka
Critical
CVE-2016-1000282
was published
for
Haraka
(npm)
Feb 12, 2019
Deserialization Code Execution in js-yaml
Critical
CVE-2013-4660
was published
for
js-yaml
(npm)
Oct 24, 2017
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical
CVE-2018-16115
was published
for
com.typesafe.akka:akka-actor_2.11
(Maven)
Oct 22, 2018
ProTip!
Advisories are also available from the
GraphQL API