GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
914 advisories
Filter by severity
Cross Site Scripting (XSS) in plotly.js
Moderate
CVE-2017-1000006
was published
for
plotly.js
(npm)
Oct 24, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
Moderate severity vulnerability that affects marked
Moderate
CVE-2017-17461
was published
for
marked
(npm)
Jan 4, 2018
•
withdrawn
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Remote Code Execution in markdown-pdf
Moderate
CVE-2018-3770
was published
for
markdown-pdf
(npm)
Jul 27, 2018
Directory Traversal in easyquick
Moderate
CVE-2017-16109
was published
for
easyquick
(npm)
Aug 29, 2018
Cross-Site Scripting in exceljs
Moderate
CVE-2018-16459
was published
for
exceljs
(npm)
Sep 11, 2018
Directory Traversal in augustine
Moderate
CVE-2017-0930
was published
for
augustine
(npm)
Sep 18, 2018
Spring Framework Cross Site Tracing (XST)
Moderate
CVE-2018-11039
was published
for
org.springframework:spring-web
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Moderate
CVE-2017-15707
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
Moderate
CVE-2015-5241
was published
for
org.apache.juddi:juddi-client
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos
Moderate
CVE-2018-8023
was published
for
org.apache.mesos:mesos
(Maven)
Oct 17, 2018
Denial of Service in org.springframework:spring-core
Moderate
CVE-2018-1257
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in org.springframework:spring-core
Moderate
CVE-2018-1271
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2018-10912
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Moderate
CVE-2017-12161
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Moderate
CVE-2017-12631
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API