
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Authentication Weakness in keystone Moderate
GHSA-9xgp-hfw7-73rq was published for keystone (npm) Aug 19, 2020 withdrawn
Denial of Service in protobufjs Moderate
GHSA-4gpv-cvmq-6526 was published for protobufjs (npm) Aug 19, 2020 withdrawn
Sandbox Breakout / Arbitrary Code Execution in safer-eval Moderate
GHSA-69p9-9qm9-h447 was published for safer-eval (npm) Aug 19, 2020 withdrawn
Regular Expression Denial of Service in highcharts Moderate
GHSA-m45f-4828-5cv5 was published for highcharts (npm) Aug 19, 2020 withdrawn
Open Redirect in ecstatic Moderate
GHSA-x4rf-4mqf-cm8w was published for ecstatic (npm) Aug 19, 2020 withdrawn
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt Moderate
CVE-2020-7689 was published for bcrypt (npm) Aug 20, 2020
Cross-Site Scripting in keystone Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) Aug 20, 2020 withdrawn
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
Command Injection in dns-sync Moderate
GHSA-c6h2-mpc6-232h was published for dns-sync (npm) Aug 27, 2020 withdrawn
Missing Origin Validation in parcel-bundler Moderate
GHSA-5j4m-89xf-mf5p was published for parcel-bundler (npm) Aug 27, 2020 withdrawn
Cross-Site Scripting in @novnc/novnc Moderate
CVE-2017-18635 was published for @novnc/novnc (npm) Aug 28, 2020
Cross-Site Scripting in dompurify Moderate
CVE-2019-16728 was published for dompurify (npm) Aug 28, 2020
Rosetta-Flash JSONP Vulnerability in hapi Moderate
CVE-2014-4671 was published for hapi (npm) Aug 31, 2020
Hidden Directories Always Served in inert Moderate
CVE-2014-10068 was published for inert (npm) Aug 31, 2020
CSRF Vulnerability in jquery-ujs Moderate
GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
Directory Traversal in nhouston Moderate
CVE-2014-8883 was published for nhouston (npm) Aug 31, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
Template Injection in jsrender Moderate
CVE-2016-3942 was published for jsrender (npm) Sep 1, 2020
Cross-Site Scripting in dojo Moderate
CVE-2008-6681 was published for dojo (npm) Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API