GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
238,955 advisories
Filter by severity
Null pointer dereference in TensorFlow leads to exploitation
Moderate
CVE-2018-7576
was published
for
tensorflow
(pip)
Apr 24, 2019
Cross-Site Scripting in simditor
Moderate
CVE-2018-19048
was published
for
simditor
(npm)
May 14, 2019
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
XML external entity (XXE) vulnerability
High
GHSA-c8m9-mh38-97p9
was published
for
org.jpmml:pmml-model
(Maven)
Feb 24, 2021
•
withdrawn
Insecure Credential Storage in web3
Low
GHSA-27v7-qhfv-rqq8
was published
for
web3
(npm)
May 30, 2019
Directory Traversal
High
GHSA-26hg-crh6-mjrw
was published
for
list-n-stream
(npm)
Feb 23, 2021
•
withdrawn
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-Site Scripting
Moderate
GHSA-57h7-r3q3-w57j
was published
for
djangorestframework
(pip)
Feb 24, 2021
•
withdrawn
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
SQL Injection in waterline-sequel
High
GHSA-mpcx-8qqw-rmcq
was published
for
waterline-sequel
(npm)
Aug 19, 2020
•
withdrawn
Path Traversal in angular-http-server
High
GHSA-vmhw-fhj6-m3g5
was published
for
angular-http-server
(npm)
May 31, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
Elliptic Curve Key Disclosure
High
GHSA-h6wq-jw7q-grxv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 24, 2021
•
withdrawn
rocksdb vulnerable to out-of-bounds read
Moderate
GHSA-xpp3-xrff-w6rh
was published
for
rocksdb
(Rust)
Aug 12, 2022
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Cross-Site Scripting in react-svg
High
GHSA-8xqr-4cpm-wx7g
was published
for
react-svg
(npm)
May 31, 2019
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Directory Traversal
High
GHSA-f6gj-7592-5jxm
was published
for
node-simple-router
(npm)
Feb 23, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API