GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,596 advisories

Cross-Site Scripting in atlasboard-atlassian-package High
GHSA-25v4-mcx4-hh35 was published for atlasboard-atlassian-package (npm) Sep 4, 2020
Directory Traversal in @vivaxy/here High
GHSA-m4vv-p6fq-jhqp was published for @vivaxy/here (npm) Sep 1, 2020
Bypass due to validation before canonicalization in serve High
GHSA-wm7q-rxch-43mx was published for serve (npm) Sep 1, 2020
Denial of Service in @hapi/hapi High
GHSA-23vw-mhv5-grv5 was published for @hapi/hapi (npm) Sep 3, 2020
Prototype Pollution in subtext High
GHSA-g64q-3vg8-8f93 was published for subtext (npm) Sep 3, 2020
Denial of Service in serialize-to-js High
GHSA-w5q7-3pr9-x44w was published for serialize-to-js (npm) Sep 2, 2020
Cross-Site Scripting in mermaid High
GHSA-w32g-5hqp-gg6q was published for mermaid (npm) Sep 2, 2020
Improper Authorization in loopback High
GHSA-8wgc-jjvv-cv6v was published for loopback (npm) Sep 2, 2020
NoSQL injection in express-cart High
GHSA-f5cv-xrv9-r8w7 was published for express-cart (npm) Sep 1, 2020
Entropy Backdoor in text-qrcode High
GHSA-h5vj-f7r9-w564 was published for text-qrcode (npm) Sep 1, 2020
Remote Code Execution in office-converter High
GHSA-9p64-h5q4-phpm was published for office-converter (npm) Sep 2, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
File restriction bypass in socket.io-file High
GHSA-6495-8jvh-f28x was published for socket.io-file (npm) Oct 2, 2020
Cross-Site Scripting in scratch-svg-renderer High
CVE-2020-7750 was published for scratch-svg-renderer (npm) Nov 9, 2020
Insecure Default Configuration in graphql-code-generator High
GHSA-9w87-4j72-gcv7 was published for graphql-code-generator (npm) Sep 2, 2020
Command Injection in addax High
GHSA-4q8f-5xxj-946r was published for addax (npm) Sep 3, 2020
SQL Injection in sails-mysql High
GHSA-hx5x-49mm-vmhw was published for sails-mysql (npm) Sep 3, 2020
Command Injection in soletta-dev-app High
GHSA-8mgg-5x65-m4m4 was published for soletta-dev-app (npm) Sep 11, 2020
Cross-Site Scripting in graylog-web-interface High
GHSA-9qgh-7pgp-hp7r was published for graylog-web-interface (npm) Sep 3, 2020
Cross-Site Scripting in @ionic/core High
GHSA-r3xc-47qg-h929 was published for @ionic/core (npm) Sep 3, 2020
Cross-Site Scripting in bleach High
GHSA-5634-rv46-48jf was published for bleach (npm) Sep 3, 2020
Path Traversal in restify-swagger-jsdoc High
GHSA-gvff-25cc-4f66 was published for restify-swagger-jsdoc (npm) Sep 3, 2020
Path Traversal in zero High
GHSA-crf7-fvjx-863q was published for zero (npm) Sep 3, 2020
Cross-Site Scripting in jquery.json-viewer High
GHSA-v9wp-8r97-v6xg was published for jquery.json-viewer (npm) Sep 3, 2020
Directory traversal in fast-http High
CVE-2020-7687 was published for fast-http (npm) Jul 27, 2020