GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,141
Erlang
30
GitHub Actions
19
Go
1,942
Maven
5,000+
npm
3,684
NuGet
650
pip
3,303
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
10,644 advisories
Filter by severity
Improper Input Validation in yargs-parser
Moderate
Unreviewed
GHSA-ghmj-crg5-xw2j
was published
Feb 15, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
High
GHSA-pcjh-6r5h-r92r
was published
for
django-sendfile2
(pip)
Aug 11, 2022
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Negative charge in shopping cart in Shopizer
Critical
CVE-2020-11007
was published
for
com.shopizer:sm-core-model
(Maven)
Apr 22, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Validation Bypass in slp-validate
Critical
CVE-2019-16761
was published
for
slp-validate
(npm)
Nov 15, 2019
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
Moderate severity vulnerability that affects python-gnupg
Moderate
CVE-2014-1928
was published
for
python-gnupg
(pip)
Nov 6, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Critical
CVE-2017-7676
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Prototype Pollution in merge-options
Critical
CVE-2018-3752
was published
for
merge-options
(npm)
Oct 9, 2018
Moderate severity vulnerability that affects mailman
Moderate
CVE-2018-13796
was published
for
mailman
(pip)
Sep 11, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
High severity vulnerability that affects python-gnupg
High
CVE-2014-1927
was published
for
python-gnupg
(pip)
Nov 6, 2018
The REST Plugin in Apache Struts is using an outdated XStream library
High
CVE-2017-9793
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Moderate
CVE-2018-11799
was published
for
org.apache.oozie:oozie-core
(Maven)
Dec 20, 2018
ProTip!
Advisories are also available from the
GraphQL API