GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,596 advisories
Prototype Pollution in lodash.defaultsdeep (High): GHSA-h5mp-5q4p-ggf5 was published for lodash.defaultsdeep (npm) on Sep 3, 2020
Cross-Site Scripting in bpmn-js-properties-panel (High): GHSA-vpj4-89q8-rh38 was published for bpmn-js-properties-panel (npm) on Sep 3, 2020
Unauthenticated Remote Command Injection in ep_imageconvert (High): CVE-2013-3364 was published for ep_imageconvert (npm) on Aug 31, 2020
Cross-Site Scripting in fomantic-ui (High): GHSA-788m-pj96-7w2c was published for fomantic-ui (npm) on Sep 2, 2020
XSS in client rendered block templates in rendr (High): CVE-2016-1000230 was published for rendr (npm) on Sep 1, 2020
Command Injection in expressfs (High): GHSA-mxmj-84q8-34r7 was published for expressfs (npm) on Sep 3, 2020
Downloads Resources over HTTP in pm2-kafka (High): CVE-2016-10693 was published for pm2-kafka (npm) on Sep 1, 2020
Cross-Site Scripting in hexo-admin (High): GHSA-phph-xpj4-wvcv was published for hexo-admin (npm) on Sep 3, 2020
Downloads Resources over HTTP in windows-latestchromedriver (High): CVE-2016-10696 was published for windows-latestchromedriver (npm) on Sep 1, 2020
Downloads Resources over HTTP in apk-parser3 (High): CVE-2016-10574 was published for apk-parser3 (npm) on Sep 1, 2020
Regular Expression Denial of Service in ansi2html (High): CVE-2015-9239 was published for ansi2html (npm) on Sep 1, 2020
Regular Expression Denial of Service in validator (High): CVE-2014-8882 was published for validator (npm) on Aug 31, 2020
Cross-Site Scripting in takeapeek (High): GHSA-4q2f-8g74-qm56 was published for takeapeek (npm) on Sep 3, 2020
Directory Traversal in wenluhong1 (High): GHSA-224h-p7p5-rh85 was published for wenluhong1 (npm) on Sep 1, 2020
Directory Traversal in yjmyjmyjm (High): GHSA-g376-whg7-896m was published for yjmyjmyjm (npm) on Sep 1, 2020
Directory Traversal in @vivaxy/here (High): GHSA-m4vv-p6fq-jhqp was published for @vivaxy/here (npm) on Sep 1, 2020
Bypass due to validation before canonicalization in serve (High): GHSA-wm7q-rxch-43mx was published for serve (npm) on Sep 1, 2020
Denial of Service in @hapi/hapi (High): GHSA-23vw-mhv5-grv5 was published for @hapi/hapi (npm) on Sep 3, 2020
Cross-Site Scripting in bootstrap-select (High): GHSA-9r7h-6639-v5mw was published for bootstrap-select (npm) on Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API.