Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

250 advisories

Loading
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method High
CVE-2016-3693 was published for safemode (RubyGems) Oct 24, 2017
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users High
CVE-2014-5002 was published for lynx (RubyGems) Jan 24, 2018
brbackup exposes database password to unauthorized users High
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018
Cap-Strap gem for Ruby places credentials on the useradd command line High
CVE-2014-4992 was published for cap-strap (RubyGems) Mar 16, 2018
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database