GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
380 advisories
Filter by severity
Improper Input Validation in org.wildfly:wildfly-undertow
Moderate
CVE-2018-1047
was published
for
org.wildfly:wildfly-undertow
(Maven)
Oct 19, 2018
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
Moderate
CVE-2018-1298
was published
for
org.apache.qpid:apache-qpid-broker-j
(Maven)
Oct 19, 2018
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Moderate
CVE-2015-2918
was published
for
com.orientechnologies:orientdb-studio
(Maven)
Oct 18, 2018
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Moderate
CVE-2018-1199
was published
for
org.springframework.security:spring-security-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Moderate
CVE-2017-0256
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Improper Input Validation in org.apache.qpid:qpid-broker
Moderate
CVE-2016-3094
was published
for
org.apache.qpid:qpid-broker
(Maven)
Oct 16, 2018
Apache Struts Improper Input Validation vulnerability
Moderate
CVE-2017-7672
was published
for
org.apache.struts:struts2-core
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Improper Input Validation in ansible
Moderate
CVE-2016-8647
was published
for
ansible
(pip)
Oct 10, 2018
Moderate severity vulnerability that affects mailman
Moderate
CVE-2018-13796
was published
for
mailman
(pip)
Sep 11, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
Improper query string handling in Django
Moderate
CVE-2010-4534
was published
for
Django
(pip)
Jul 23, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Gyazo allows local users to write arbitrary files
Moderate
CVE-2014-4994
was published
for
gyazo
(RubyGems)
Jan 22, 2018
Mail Improper Input Validation vulnerability
Moderate
CVE-2011-0739
was published
for
mail
(RubyGems)
Oct 24, 2017
Rails activerecord gem has Improper Input Validation vulnerability
Moderate
CVE-2010-3933
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Improper Input Validation in actionpack
Moderate
CVE-2008-7248
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-2929
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ldoce Gem Arbitrary Command Execution
Moderate
CVE-2013-1911
was published
for
ldoce
(RubyGems)
Oct 24, 2017
Spree Improper Input Validation vulnerability
Moderate
CVE-2013-1656
was published
for
spree
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API