GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,127 advisories

Prototype Pollution in merge-recursive Critical
CVE-2018-3751 was published for merge-recursive (npm) Sep 18, 2018
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Path Traversal in buttle High
CVE-2018-3766 was published for buttle (npm) Sep 18, 2018
apk-parser2 downloads Resources over HTTP High
CVE-2016-10632 was published for apk-parser2 (npm) Sep 18, 2018
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
Directory Traversal in augustine Moderate
CVE-2017-0930 was published for augustine (npm) Sep 18, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
node-opensl is malware High
CVE-2017-16063 was published for node-opensl (npm) Oct 3, 2018
Prototype Pollution in merge-options Critical
CVE-2018-3752 was published for merge-options (npm) Oct 9, 2018
Denial of Service in protobufjs Moderate
CVE-2018-3738 was published for protobufjs (npm) Oct 9, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
High severity vulnerability that affects uglify-js High
GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) Oct 9, 2018 withdrawn
Regular Expression Denial of Service in minimatch High
CVE-2016-10540 was published for minimatch (npm) Oct 9, 2018
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
Prototype Pollution in deep-extend Critical
CVE-2018-3750 was published for deep-extend (npm) Oct 9, 2018
Out-of-bounds Read in atob Critical
CVE-2018-3745 was published for atob (npm) Oct 9, 2018
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
Denial of Service via malformed accept-encoding header in hapi High
CVE-2017-16013 was published for hapi (npm) Oct 9, 2018
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018