Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,600 advisories

Loading
Moderate severity vulnerability that affects moin Moderate
CVE-2017-5934 was published for moin (pip) Jan 4, 2019
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons Moderate
CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Cross Site Scripting (XSS) vulnerability in easymon Moderate
CVE-2018-1000855 was published for easymon (RubyGems) Dec 21, 2018
Cross site scripting in org.apache.nifi:nifi Moderate
CVE-2018-17193 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Fat Free CRM vulnerable to Cross-site Scripting Moderate
CVE-2018-1000842 was published for fat_free_crm (RubyGems) Dec 20, 2018
Flask-Admin Cross-site Scripting vulnerability Moderate
CVE-2018-16516 was published for flask-admin (pip) Dec 19, 2018
born2discover
SimpleMDE XSS Vulnerability Moderate
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
Ckeditor XSS Vulnerability Moderate
CVE-2018-17960 was published for ckeditor (Composer) Nov 21, 2018
Valine HTML Injection Moderate
CVE-2018-19289 was published for valine (npm) Nov 21, 2018
Jupyter Notebook XSS via directory name Moderate
CVE-2018-19352 was published for notebook (pip) Nov 21, 2018
Jupyter Notebook XSS via untrusted notebooks Moderate
CVE-2018-19351 was published for notebook (pip) Nov 21, 2018
Rack vulnerable to Cross-site Scripting Moderate
CVE-2018-16471 was published for rack (RubyGems) Nov 15, 2018
Cross-Site Scripting in html-janitor Moderate
CVE-2017-0931 was published for html-janitor (npm) Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16016 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting in i18next Moderate
CVE-2017-16008 was published for i18next (npm) Nov 9, 2018
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16017 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting (XSS) in restify Moderate
CVE-2017-16018 was published for restify (npm) Nov 9, 2018
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Moderate
CVE-2017-7678 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Pandao editor.md vulnerable to DOM XSS Moderate
CVE-2018-19056 was published for editor.md (npm) Nov 9, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database