GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,873 advisories
Improper Privilege Management in devise_masquerade | High | CVE-2021-28680 was published for devise_masquerade (RubyGems) | Dec 8, 2021
Observable Discrepancy in Apache Kafka | Moderate | CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) | Sep 23, 2021
Cross-Site Scripting in Qiita-Markdown | Moderate | CVE-2021-28796 was published for qiita-markdown (RubyGems) | Aug 2, 2021
Activerecord-session_store Vulnerable to Timing Attack | Moderate | CVE-2019-25025 was published for activerecord-session_store (RubyGems) | Mar 9, 2021
Mail Gem Improper Input Validation vulnerability | High | CVE-2012-2140 was published for mail (RubyGems) | Oct 24, 2017
lawn-login exposes database password to unauthorized users | High | CVE-2014-5000 was published for lawn-login (RubyGems) | Jan 22, 2018
Improper Authentication in Apache ShenYu Admin | Critical | CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) | Nov 17, 2021
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations | Low | GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) | Jul 10, 2023
Cross-site scripting in lazysizes | Moderate | CVE-2020-7642 was published for lazysizes (npm) | Dec 10, 2021
Arbitrary Code Execution in json-ptr | High | CVE-2020-7766 was published for json-ptr (npm) | May 10, 2021
Prototype pollution in @tsed/core | Moderate | CVE-2020-7748 was published for @tsed/core (npm) | May 10, 2021
Cross-site Scripting in markdown-it-highlightjs | Moderate | CVE-2020-7773 was published for markdown-it-highlightjs (npm) | Feb 10, 2022
Directory Traversal in uv-tj-demo | High | CVE-2017-16200 was published for uv-tj-demo (npm) | Sep 1, 2020
Directory Traversal in chatbyvista | High | CVE-2017-16177 was published for chatbyvista (npm) | Sep 1, 2020
Insecure template handling in Express-handlebars | High | CVE-2021-32820 was published for express-handlebars (npm) | Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API.