Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,130
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,586 advisories

Loading
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
keycloak-core vulnerable to timing attacks against JWS token verification Moderate
CVE-2017-2585 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos Moderate
CVE-2018-8023 was published for org.apache.mesos:mesos (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.storm:storm-core Moderate
CVE-2018-1332 was published for org.apache.storm:storm-core (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Apache Tika Server exposes sensitive information Moderate
CVE-2015-3271 was published for org.apache.tika:tika-server (Maven) Oct 17, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Django Information leakage in AuthenticationForm High
CVE-2018-6188 was published for django (pip) Oct 3, 2018
MarkLee131
Gollum Exposure of Sensitive Information Moderate
CVE-2015-7314 was published for gollum (RubyGems) Aug 28, 2018
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Cap-Strap gem for Ruby places credentials on the useradd command line High
CVE-2014-4992 was published for cap-strap (RubyGems) Mar 16, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-1828 was published for http (RubyGems) Mar 13, 2018
brbackup exposes database password to unauthorized users High
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users High
CVE-2014-5002 was published for lynx (RubyGems) Jan 24, 2018
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
ProTip! Advisories are also available from the GraphQL API