
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7651 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7650 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7648 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Introspection in schema validation in Apollo Server Moderate
GHSA-w42g-7vfc-xf37 was published for apollo-server (npm) Jun 5, 2020
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
npm CLI exposing sensitive information through logs Moderate
CVE-2020-15095 was published for npm (npm) Jul 7, 2020
Sensitive information exposure through logs in npm-registry-fetch Moderate
GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) Jul 7, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Storing Password in Local Storage Moderate
GHSA-wvh7-5p38-2qfc was published for parse (npm) Jul 23, 2020
dplewis pocketcolin
Uncontrolled resource consumption in jpeg-js Moderate
CVE-2020-8175 was published for jpeg-js (npm) Jul 27, 2020
avnerbarr
Sandbox bypass in constantinople Moderate
GHSA-hg7c-66ff-9q8g was published for constantinople (npm) Jul 31, 2020 withdrawn
Withdrawn Advisory: marked cross-site scripting vulnerability Moderate
GHSA-32vw-r77c-gm67 was published for marked (npm) Aug 3, 2020 withdrawn
Withdrawn Moderate
GHSA-chgg-rrmv-5q7x was published for jwt-simple (npm) Aug 3, 2020 withdrawn
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
CSRF Vulnerability in polaris-website Moderate
GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) Aug 5, 2020
XSS via JQLite DOM manipulation functions in AngularJS Moderate
GHSA-5cp4-xmrw-59wf was published for angular (npm) Aug 5, 2020
koto masatokinugawa
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2020-12648 was published for tinymce (npm) Aug 11, 2020
tdunlap607