Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,358 advisories

Loading
Directory Traversal in easyquick Moderate
CVE-2017-16109 was published for easyquick (npm) Aug 29, 2018
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
ember-source vulnerable to Cross-site Scripting Moderate
CVE-2015-1866 was published for ember-source (RubyGems) Aug 28, 2018
Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP) Moderate
CVE-2015-7225 was published for devise-two-factor (RubyGems) Aug 28, 2018
Gollum Exposure of Sensitive Information Moderate
CVE-2015-7314 was published for gollum (RubyGems) Aug 28, 2018
ember-source Cross-site Scripting vulnerability Moderate
CVE-2015-7565 was published for ember-source (RubyGems) Aug 28, 2018
oliverchang
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
Moderate severity vulnerability that affects archive-tar-minitar and minitar Moderate
GHSA-cwp3-834g-x79g was published for archive-tar-minitar (RubyGems) Aug 21, 2018 withdrawn
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Moderate severity vulnerability that affects doorkeeper Moderate
GHSA-5p9f-55j8-922m was published for doorkeeper (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects activerecord Moderate
GHSA-m8h6-m9p5-p2f8 was published for activerecord (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects actionview Moderate
GHSA-2pwf-xwr3-hp55 was published for actionview (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects web-console Moderate
GHSA-82x2-g7vr-39wq was published for web-console (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects paperclip Moderate
GHSA-phmw-pv3f-vvx7 was published for paperclip (RubyGems) Aug 13, 2018 withdrawn
Moderate severity vulnerability that affects rack-mini-profiler Moderate
GHSA-995j-587r-259w was published for rack-mini-profiler (RubyGems) Aug 13, 2018 withdrawn
grape subject to Cross-site Scripting Moderate
CVE-2018-3769 was published for grape (RubyGems) Aug 13, 2018
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
Nokogiri vulnerable to libxml XML Entity Expansion Moderate
CVE-2015-1819 was published for nokogiri (RubyGems) Aug 8, 2018
Moderate severity vulnerability that affects safemode Moderate
GHSA-44vc-fpcg-5cc5 was published for safemode (RubyGems) Aug 8, 2018 withdrawn
metascraper before v5.2.0 vulnerable to stored cross-site scripting Moderate
CVE-2018-3773 was published for metascraper (npm) Aug 8, 2018
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database