GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
236 advisories
Filter by severity
marionette-socket-host downloads Resources over HTTP
High
CVE-2016-10648
was published
for
marionette-socket-host
(npm)
Aug 15, 2018
grunt-images downloads Resources over HTTP
High
CVE-2016-10645
was published
for
grunt-images
(npm)
Aug 15, 2018
Downloads Resources over HTTP in cmake
High
CVE-2016-10642
was published
for
cmake
(npm)
Aug 15, 2018
fis-sass-all downloads Resources over HTTP
High
CVE-2016-10686
was published
for
fis-sass-all
(npm)
Aug 17, 2018
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
Downloads Resources over HTTP in openframe-glslviewer
High
CVE-2016-10607
was published
for
openframe-glslviewer
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli
High
CVE-2016-10597
was published
for
cobalt-cli
(npm)
Feb 18, 2019
Downloads Resources over HTTP in prince
High
CVE-2016-10591
was published
for
prince
(npm)
Feb 18, 2019
Downloads Resources over HTTP in libxl
High
CVE-2016-10585
was published
for
libxl
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-image
High
CVE-2016-10616
was published
for
openframe-image
(npm)
Feb 18, 2019
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
dwebp-bin downloads Resources over HTTP
High
CVE-2016-10633
was published
for
dwebp-bin
(npm)
Feb 18, 2019
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
npm Vulnerable to Global node_modules Binary Overwrite
High
CVE-2019-16777
was published
for
npm
(npm)
Dec 13, 2019
Improper Privilege Management in Tomcat
Critical
CVE-2020-1938
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Privilege Context Switching Error in Elasticsearch
Low
CVE-2020-7020
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Privilege Escalation Flaw in Elasticsearch
Moderate
CVE-2020-7014
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
ProTip!
Advisories are also available from the
GraphQL API