GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101,354 advisories
Filter by severity
Regular Expression Denial of Service in Acorn
High
GHSA-6chw-6frg-f759
was published
for
acorn
(npm)
Apr 3, 2020
Insecure Entropy Source - Math.random() in node-uuid
High
CVE-2015-8851
was published
for
node-uuid
(npm)
Apr 16, 2020
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Downloads Resources over HTTP in rs-brightcove
High
CVE-2016-10676
was published
for
rs-brightcove
(npm)
Feb 18, 2019
discord-html not escaping HTML code blocks when lacking a language identifier
High
GHSA-9r27-994c-4xch
was published
for
discord-markdown
(npm)
Feb 24, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation
High
CVE-2020-11002
was published
for
io.dropwizard:dropwizard-validation
(Maven)
Apr 10, 2020
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Reflected XSS in GraphQL Playground
High
CVE-2020-4038
was published
for
graphql-playground-html
(npm)
Jun 9, 2020
Holder can generate proof of ownership for credentials it does not control in vp-toolkit
High
GHSA-ff5x-w9wg-h275
was published
for
vp-toolkit
(npm)
Mar 6, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
High
GHSA-p94w-42g3-f7h4
was published
for
vp-toolkit
(npm)
Mar 6, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
Deserialization of Untrusted Data in jackson-databind
High
GHSA-wrr7-33fx-rcvj
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 15, 2020
•
withdrawn
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
Downloads Resources over HTTP in selenium-download
High
CVE-2016-10559
was published
for
selenium-download
(npm)
Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone
High
CVE-2016-10694
was published
for
alto-saxophone
(npm)
Jul 31, 2018
ProTip!
Advisories are also available from the
GraphQL API