GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,135 advisories
Filter by severity
Persistent XSS in newsletter module in Shopware
Low
GHSA-hrfh-fp4x-crrq
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Denial of Service in express-fileupload
Low
GHSA-q3w9-g74q-vp5f
was published
for
express-fileupload
(npm)
Sep 3, 2020
Write to immutable memory region in TensorFlow
Low
CVE-2020-26268
was published
for
tensorflow
(pip)
Dec 10, 2020
Global node_modules Binary Overwrite in bin-links
Low
GHSA-v45m-2wcp-gg98
was published
for
bin-links
(npm)
Sep 4, 2020
Non-persistent XSS in the Storefront in Shopware
Low
GHSA-qvhr-55hg-3qwv
was published
for
shopware/core
(Composer)
Sep 23, 2020
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Low
GHSA-8hxh-r6f7-jf45
was published
for
org.http4s:http4s-async-http-client_2.12
(Maven)
Oct 16, 2020
Regular Expression Denial of Service in npm-user-validate
Low
GHSA-xgh6-85xh-479p
was published
for
npm-user-validate
(npm)
Oct 16, 2020
Potential sensitive data exposure in applications using Vaadin 15
Low
GHSA-76f4-fw33-6j2v
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Persistent XSS in shopping worlds
Low
GHSA-28fw-88hq-6jmm
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Uninitialized memory access in TensorFlow
Low
CVE-2020-26266
was published
for
tensorflow
(pip)
Dec 10, 2020
Heap out of bounds access in MakeEdge in TensorFlow
Low
CVE-2020-26271
was published
for
tensorflow
(pip)
Dec 10, 2020
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
Authenticated Server Side Request Forgery
Low
GHSA-8pfh-mm2g-hmc3
was published
for
shopware/core
(Composer)
Dec 21, 2020
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
Potential Session Hijacking
Low
GHSA-h9q8-5gv2-v6mg
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Denial of Service in grpc-ts-health-check
Low
GHSA-m86m-5m44-pc93
was published
for
grpc-ts-health-check
(npm)
Sep 3, 2020
Authorization Bypass in graphql-shield
Low
GHSA-hx78-272p-mqqh
was published
for
graphql-shield
(npm)
Sep 3, 2020
Regular Expression Denial of Service in markdown
Low
GHSA-wx77-rp39-c6vg
was published
for
markdown
(npm)
Sep 4, 2020
Symlink reference outside of node_modules in bin-links
Low
GHSA-2mj8-pj3j-h362
was published
for
bin-links
(npm)
Sep 4, 2020
Regex denial of service vulnerability in codesample plugin
Low
GHSA-h96f-fc7c-9r55
was published
for
tinymce
(npm)
Jan 6, 2021
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
User (Encrypted) Password Field Being Serialised
Low
GHSA-7fjp-g4m7-fx23
was published
for
pwweb/laravel-core
(Composer)
Apr 13, 2021
ProTip!
Advisories are also available from the
GraphQL API