Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,041 advisories

Loading
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager High
CVE-2020-10204 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Improper Input Validation in Twisted Critical
CVE-2020-10108 was published for Twisted (pip) Mar 31, 2020
SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
TaffyDB can allow access to any data items in the DB High
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Incorrect signature verification in SimpleSAMLphp Moderate
CVE-2016-9955 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
thijskh
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10769 was published for safer-eval (npm) Dec 11, 2019
Argument injection in a MimeTypeGuesser in Symfony High
CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019
Prototype Pollution in angular High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Improper Input Validation in Automattic Mongoose Critical
CVE-2019-17426 was published for mongoose (npm) Oct 22, 2019
wyardley
Regular Expression Denial of Service in csv-parse High
CVE-2019-17592 was published for csv-parse (npm) Oct 15, 2019
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
kurt-r2c
Improper Input Validation and Cross-Site Request Forgery in Keycloak High
CVE-2019-10199 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Improper input validation in Apache Santuario XML Security for Java Moderate
CVE-2019-12400 was published for org.apache.santuario:xmlsec (Maven) Aug 27, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation Critical
CVE-2019-9845 was published for MadsKristensen.AspNetCore.Miniblog (NuGet) Jul 5, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database