Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

914 advisories

Loading
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Moderate severity vulnerability that affects marked Moderate
CVE-2017-17461 was published for marked (npm) Jan 4, 2018 withdrawn
Doorkeeper is vulnerable to stored XSS and code execution Moderate
CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018
tdunlap607
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
Path Traversal in glance Moderate
CVE-2018-3715 was published for glance (npm) Jul 26, 2018
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (npm) Jul 26, 2018
Remote Code Execution in markdown-pdf Moderate
CVE-2018-3770 was published for markdown-pdf (npm) Jul 27, 2018
Directory Traversal in elding Moderate
CVE-2017-16222 was published for elding (npm) Aug 6, 2018
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
Directory Traversal in easyquick Moderate
CVE-2017-16109 was published for easyquick (npm) Aug 29, 2018
Cross-Site Scripting in exceljs Moderate
CVE-2018-16459 was published for exceljs (npm) Sep 11, 2018
Directory Traversal in augustine Moderate
CVE-2017-0930 was published for augustine (npm) Sep 18, 2018
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Spring Framework Cross Site Tracing (XST) Moderate
CVE-2018-11039 was published for org.springframework:spring-web (Maven) Oct 16, 2018
sunSUNQ
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin Moderate
CVE-2017-15707 was published for org.apache.struts:struts2-rest-plugin (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.juddi:juddi-client Moderate
CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos Moderate
CVE-2018-8023 was published for org.apache.mesos:mesos (Maven) Oct 17, 2018
Denial of Service in org.springframework:spring-core Moderate
CVE-2018-1257 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Path Traversal in org.springframework:spring-core Moderate
CVE-2018-1271 was published for org.springframework:spring-core (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2018-10912 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2017-12161 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3 Moderate
CVE-2017-12631 was published for org.apache.cxf.fediz:fediz-spring (Maven) Oct 18, 2018
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database