GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

985 advisories

User-readable API tokens in systemd units for JupyterHub [High]
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
Context isolation bypass in Electron [Low]
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
Sensitive Data Exposure in Apache Ant [Moderate]
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Validation Bypass in schema-inspector [Critical]
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Validation Bypass in kind-of [High]
CVE-2019-20149 was published for kind-of (npm) Mar 31, 2020
python-docutils allows insecure usage of temporary files [Critical]
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
TaffyDB can allow access to any data items in the DB [High]
CVE-2019-10790 was published for taffy (npm) Feb 19, 2020
ebickle
Pomelo allows external control of critical state data [Moderate]
CVE-2019-18954 was published for pomelo (npm) Dec 2, 2019
Arbitrary File Read in html-pdf [High]
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
RuboCop gem Insecure use of /tmp [Low]
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API