GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,282 advisories

Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
Polymorphic Typing issue in FasterXML jackson-databind Critical
CVE-2019-16335 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Sep 23, 2019
Polymorphic Typing issue in FasterXML jackson-databind Critical
CVE-2019-14540 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Sep 23, 2019
Credited to sunSUNQ
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls Critical
CVE-2019-14537 was published for yourls/yourls (Composer) Sep 23, 2019
Credited to LeoColomb
Command Injection in gitlabhook Critical
CVE-2019-5485 was published for gitlabhook (npm) Sep 16, 2019
Critical severity vulnerability that affects generator-jhipster Critical
GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm) Sep 13, 2019 withdrawn
Credited to JLLeitschuh
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
Prototype Pollution in mixin-deep Critical
CVE-2019-10746 was published for mixin-deep (npm) Aug 27, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Unidirectional routing wasn't respected in some cases in Mitogen Critical
CVE-2019-15149 was published for mitogen (pip) Aug 19, 2019 withdrawn
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
Credited to tdunlap607
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
SQL Injection in Django Critical
CVE-2019-14234 was published for Django (pip) Aug 16, 2019
Deserialization of untrusted data in FasterXML jackson-databind Critical
CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
Deserialization of Untrusted Data in Apache Storm Critical
CVE-2018-11779 was published for org.apache.storm:storm-kafka (Maven) Aug 1, 2019
datagrid contains code Injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
Deserialization of Untrusted Data in EthereumJ Critical
CVE-2018-15890 was published for org.ethereum:ethereumj-core (Maven) Jul 26, 2019
aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
SQL Injection in marginalia Critical
CVE-2019-1010191 was published for marginalia (RubyGems) Jul 26, 2019
Improper Restriction of XML External Entity Reference in ladon Critical
CVE-2019-1010268 was published for ladon (pip) Jul 26, 2019