GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10,384 advisories

Improper Input Validation in yargs-parser Moderate Unreviewed
GHSA-ghmj-crg5-xw2j was published Feb 15, 2022
django-sendfile2 before 0.7.0 contains reflected file download vulnerability High
GHSA-pcjh-6r5h-r92r was published for django-sendfile2 (pip) Aug 11, 2022
moggers87 sergei-maertens
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Improper input validation in Apache Olingo High
CVE-2019-17555 was published for org.apache.olingo:odata-client-core (Maven) Feb 4, 2020
Negative charge in shopping cart in Shopizer Critical
CVE-2020-11007 was published for com.shopizer:sm-core-model (Maven) Apr 22, 2020
SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Moderate severity vulnerability that affects python-gnupg Moderate
CVE-2014-1928 was published for python-gnupg (pip) Nov 6, 2018
High severity vulnerability that affects cfscrape High
CVE-2017-7235 was published for cfscrape (pip) Jul 13, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j Moderate
CVE-2018-1298 was published for org.apache.qpid:apache-qpid-broker-j (Maven) Oct 19, 2018
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
High severity vulnerability that affects privacyIDEA High
CVE-2018-1000809 was published for privacyIDEA (pip) Jan 14, 2019
Mitmweb in mitmproxy allows DNS Rebinding attacks High
CVE-2018-14505 was published for mitmproxy (pip) Jul 31, 2018
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character Critical
CVE-2017-7676 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Moderate severity vulnerability that affects mailman Moderate
CVE-2018-13796 was published for mailman (pip) Sep 11, 2018
High severity vulnerability that affects python-gnupg High
CVE-2014-1927 was published for python-gnupg (pip) Nov 6, 2018