GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

298 advisories

Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-8825 was published for tensorflow (pip) Apr 24, 2019
tdunlap607
Cross-Site Scripting in webpack-bundle-analyzer Moderate
GHSA-pgr8-jg6h-8gw6 was published for webpack-bundle-analyzer (npm) May 23, 2019
tdunlap607
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
tdunlap607
Insecure Comparison in secure-compare High
CVE-2015-9238 was published for secure-compare (npm) Jun 3, 2019
tdunlap607
Command Injection in command-exists Critical
GHSA-cff4-rrq6-h78w was published for command-exists (npm) Jun 3, 2019
tdunlap607
NoSQL Injection in sequelize High
GHSA-wfp9-vr4j-f49j was published for sequelize (npm) Jun 4, 2019
tdunlap607
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
Aubio is vulnerable to a NULL pointer dereference in new_aubio_notes function High
CVE-2018-19802 was published for aubio (pip) Jul 26, 2019
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
Cross-site Scripting in django-js-reverse Moderate
CVE-2019-15486 was published for django-js-reverse (pip) Aug 27, 2019
tdunlap607
Cross-Site Scripting in webtorrent Moderate
CVE-2019-15782 was published for webtorrent (npm) Sep 4, 2019
tdunlap607
Status Board vulnerable to Cross-Site Scripting before v1.1.82 Moderate
CVE-2019-15479 was published for status-board (npm) Sep 23, 2019
tdunlap607
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
Loofah Allows Cross-site Scripting Moderate
CVE-2019-15587 was published for loofah (RubyGems) Nov 5, 2019
tdunlap607
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
Data leakage via cache key collision in Django High
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
tdunlap607
XSS in Django Moderate
CVE-2020-13596 was published for Django (pip) Jun 5, 2020
tdunlap607
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Log injection in uvicorn High
CVE-2020-7694 was published for uvicorn (pip) Jul 29, 2020
tdunlap607
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2020-12648 was published for tinymce (npm) Aug 11, 2020
tdunlap607
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607