Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,764
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
Regular Expression Denial of Service in papaparse High
GHSA-qvjc-g5vr-mfgr was published for papaparse (npm) Sep 4, 2020
tdunlap607
Command Injection in local-devices High
GHSA-w725-67p7-xv22 was published for local-devices (npm) Sep 3, 2020
tdunlap607
Cross-Site Scripting in @toast-ui/editor High
GHSA-cr56-66mx-293v was published for @toast-ui/editor (npm) Sep 3, 2020
tdunlap607
Command Injection in node-rules High
GHSA-8whr-v3gm-w8h9 was published for node-rules (npm) Sep 3, 2020
tdunlap607
Cross-Site Scripting in bootstrap-vue High
GHSA-c7pp-x73h-4m2v was published for bootstrap-vue (npm) Sep 2, 2020
tdunlap607
Cross-Site Scripting in swagger-ui High
CVE-2016-1000233 was published for swagger-ui (npm) Sep 1, 2020
tdunlap607
Cross-Site Scripting in emojione High
CVE-2016-1000231 was published for emojione (npm) Sep 1, 2020
tdunlap607
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
Data leakage via cache key collision in Django High
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
tdunlap607
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
tdunlap607
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
Insecure Comparison in secure-compare High
CVE-2015-9238 was published for secure-compare (npm) Jun 3, 2019
tdunlap607
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
tdunlap607
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-8825 was published for tensorflow (pip) Apr 24, 2019
tdunlap607
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
SQL Injection in sequelize High
CVE-2019-11069 was published for sequelize (npm) Apr 11, 2019
tdunlap607
SQL Injection in sequelize High
CVE-2016-10556 was published for sequelize (npm) Feb 18, 2019
tdunlap607
Uncontrolled Memory Consumption in Django High
CVE-2019-6975 was published for Django (pip) Feb 12, 2019
tdunlap607
Pylons Colander Denial of Service vulnerability High
CVE-2017-18361 was published for colander (pip) Feb 7, 2019
tdunlap607
PyKMIP Denial of service vulnerability High
CVE-2018-1000872 was published for pykmip (pip) Dec 21, 2018
tdunlap607
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request High
CVE-2017-14949 was published for org.restlet.jse:org.restlet (Maven) Oct 17, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database