GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
ActiveRecord in Ruby on Rails allows database-query bypass
High
CVE-2016-6317
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Active Record subject to strong parameters protection bypass
High
CVE-2014-3514
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack allows bypass of database-query restrictions
Moderate
CVE-2013-6417
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Active Record Improper Access Control
Moderate
CVE-2015-7577
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes
Moderate
CVE-2013-0276
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Active Record allows bypassing of database-query restrictions
Moderate
CVE-2013-0155
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Action Pack contains database-query restrictions bypass
Moderate
CVE-2012-2660
was published
for
actionpack
(RubyGems)
Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
High
CVE-2014-9489
was published
for
gollum
(RubyGems)
Nov 16, 2017
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2016-8629
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
High
CVE-2016-4464
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Low
CVE-2014-0228
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
Improper Access Control in commons-fileupload
Critical
CVE-2016-1000031
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
rendertron can remotely shut down Chrome instance
High
CVE-2017-18353
was published
for
rendertron
(npm)
Jan 4, 2019
Sails before 0.12.7 vulnerable to Broken CORS
High
CVE-2016-10549
was published
for
sails
(npm)
Feb 18, 2019
Authentication Bypass in Devise
Moderate
CVE-2019-16109
was published
for
devise
(RubyGems)
Sep 11, 2019
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
Critical
CVE-2019-16377
was published
for
consul
(RubyGems)
Sep 27, 2019
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011
was published
for
api-platform/core
(Composer)
Oct 14, 2019
ProTip!
Advisories are also available from the
GraphQL API