GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
269 advisories
Filter by severity
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
High
CVE-2016-3693
was published
for
safemode
(RubyGems)
Oct 24, 2017
auth0-js Privilege Escalation Vulnerability
High
CVE-2017-17068
was published
for
auth0-js
(npm)
Dec 21, 2017
lawn-login exposes database password to unauthorized users
High
CVE-2014-5000
was published
for
lawn-login
(RubyGems)
Jan 22, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users
High
CVE-2014-5002
was published
for
lynx
(RubyGems)
Jan 24, 2018
brbackup exposes database password to unauthorized users
High
CVE-2014-5004
was published
for
brbackup
(RubyGems)
Mar 5, 2018
Cap-Strap gem for Ruby places credentials on the useradd command line
High
CVE-2014-4992
was published
for
cap-strap
(RubyGems)
Mar 16, 2018
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
Django vulnerable to information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
Django
(pip)
Oct 3, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686
was published
for
org.apache.ignite:ignite-core
(Maven)
Oct 16, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
High
CVE-2015-2080
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Nov 9, 2018
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Polymorphic deserialization of malicious object in jackson-databind
High
CVE-2019-14892
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
May 15, 2020
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
ProTip!
Advisories are also available from the
GraphQL API