Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

8,371 advisories

Spring Framework Cross Site Tracing (XST) Moderate
CVE-2018-11039 was published for org.springframework:spring-web (Maven) Oct 16, 2018
sunSUNQ
ZipSlip in org.apache.storm:storm-core Moderate
CVE-2018-8008 was published for org.apache.storm:storm-core (Maven) Oct 16, 2018
MarkLee131
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
ReDoS via long string of semicolons in tough-cookie Moderate
CVE-2016-1000232 was published for tough-cookie (npm) Oct 10, 2018
Moderate severity vulnerability that affects sprockets Moderate
GHSA-r4x3-g983-9g48 was published for sprockets (RubyGems) Oct 10, 2018 withdrawn
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Ansible does not verify that the server hostname matches a domain name in certificates Moderate
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Improper Input Validation in ansible Moderate
CVE-2016-8647 was published for ansible (pip) Oct 10, 2018
Ansible exposes sensitive data in log files and on the terminal Moderate
CVE-2018-10855 was published for ansible (pip) Oct 10, 2018
In marshmallow library the schema "only" option treats an empty list as implying no "only" option Moderate
CVE-2018-17175 was published for marshmallow (pip) Oct 10, 2018
Pyopenssl Incorrect Memory Management Moderate
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Denial of Service in protobufjs Moderate
CVE-2018-3738 was published for protobufjs (npm) Oct 9, 2018
Django open redirect Moderate
CVE-2018-14574 was published for django (pip) Oct 4, 2018
MarkLee131
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Directory Traversal in augustine Moderate
CVE-2017-0930 was published for augustine (npm) Sep 18, 2018
Moderate severity vulnerability that affects rails-html-sanitizer Moderate
GHSA-77pc-q5q7-qg9h was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects rails-html-sanitizer Moderate
GHSA-mrhj-2g4v-39qx was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects activerecord Moderate
GHSA-7phj-gmgx-2r66 was published for activerecord (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects rails-html-sanitizer Moderate
GHSA-qc8j-m8j3-rjq6 was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects actionpack Moderate
GHSA-vwfg-qj3r-6v3r was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
ProTip! Advisories are also available from the GraphQL API