GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
100,151 advisories
Filter by severity
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
Directory Traversal in lactate
High
GHSA-68gr-cmcp-g3mj
was published
for
lactate
(npm)
Jun 14, 2019
Cross-Site Scripting (XSS) in cloudcmd
High
GHSA-m8fw-534v-xm85
was published
for
cloudcmd
(npm)
Jun 4, 2019
Denial of Service in https-proxy-agent
High
GHSA-qrg3-f6h6-vq8q
was published
for
https-proxy-agent
(npm)
Aug 19, 2020
•
withdrawn
Path Traversal in serve-here.js
High
GHSA-g8m7-qhv7-9h5x
was published
for
serve-here
(npm)
Jul 5, 2019
Command Injection in wiki-plugin-datalog
High
GHSA-pm52-wwrw-c282
was published
for
wiki-plugin-datalog
(npm)
Jun 13, 2019
Remote Code Execution in node-os-utils
High
GHSA-j9f8-8h89-j69x
was published
for
node-os-utils
(npm)
Jun 11, 2019
Cross-Site Scripting in ids-enterprise
High
GHSA-crfx-5phg-hmw9
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
High
CVE-2016-6485
was published
for
magento/community-edition
(Composer)
Nov 20, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage
High
CVE-2018-11768
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Nov 20, 2019
Remote Code Execution in Angular Expressions
High
CVE-2020-5219
was published
for
angular-expressions
(npm)
Jan 24, 2020
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Path Traversal in algo-httpserv
High
GHSA-cgjv-rghq-qhgp
was published
for
algo-httpserv
(npm)
Sep 11, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154
was published
for
openpgp
(npm)
Aug 23, 2019
PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841
High
GHSA-wqq8-mqj9-697f
was published
for
prestashop/autoupgrade
(Composer)
Jan 8, 2020
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
High
CVE-2019-18857
was published
for
enshrined/svg-sanitize
(Composer)
Jan 8, 2020
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
Improper input validation in Apache Olingo
High
CVE-2019-17555
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
Arbitrary File Write in iobroker.js-controller
High
CVE-2019-10767
was published
for
iobroker.js-controller
(npm)
Dec 2, 2019
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
High
GHSA-769f-539v-f5jg
was published
for
prestashop/gamification
(Composer)
Jan 8, 2020
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
High
GHSA-f884-gm86-cg3q
was published
for
prestashop/ps_facetedsearch
(Composer)
Jan 7, 2020
Server-Side Request Forgery (SSRF) in Apache Olingo
High
CVE-2020-1925
was published
for
org.apache.olingo:odata-client-core
(Maven)
Feb 4, 2020
ProTip!
Advisories are also available from the
GraphQL API