GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,207
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
PHPMailer susceptible to arbitrary code execution
High
CVE-2008-5619
was published
for
phpmailer/phpmailer
(Composer)
May 14, 2022
Prototype pollution in @strikeentco/set
High
CVE-2020-28267
was published
for
@strikeentco/set
(npm)
May 24, 2022
OpenPGP 1.2.0 and earlier decrypts arbitrary messages
High
CVE-2015-8013
was published
for
openpgp
(npm)
May 17, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
Regular expression denial of service in scss-tokenizer
High
CVE-2022-25758
was published
for
scss-tokenizer
(npm)
Jul 2, 2022
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
Improper input validation in cryptography
High
CVE-2016-9243
was published
for
cryptography
(pip)
May 17, 2022
Numpy arbitrary file write via symlink attack
High
CVE-2014-1859
was published
for
numpy
(pip)
May 14, 2022
JupyterHub OAuthenticator elevation of privilege
High
CVE-2018-7206
was published
for
oauthenticator
(pip)
May 13, 2022
PyJWT vulnerable to key confusion attacks
High
CVE-2017-11424
was published
for
pyjwt
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API