GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
4,127 advisories
Cross-Site Scripting in morris.js
Moderate. CVE-2017-16022 was published for morris.js (npm), Nov 9, 2018

Directory traversal vulnerability in Next.js
High. CVE-2018-6184 was published for next (npm), Jan 24, 2018

Cross-Site Scripting in serialize-javascript
Moderate. CVE-2019-16769 was published for serialize-javascript (npm), Dec 5, 2019

High severity vulnerability that affects generator-jhipster
High. GHSA-mc84-xr9p-938r was published for generator-jhipster (npm), Sep 23, 2019

Low severity vulnerability that affects eye.js
Low. GHSA-mgv2-57vj-99xc was published for eye.js (npm), Oct 7, 2019

Critical severity vulnerability that affects generator-jhipster
Critical. GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm), Sep 13, 2019 (withdrawn)

Downloads Resources over HTTP in embedza
High. CVE-2016-10569 was published for embedza (npm), Feb 18, 2019

Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical. CVE-2018-3783 was published for flintcms (npm), Aug 21, 2018

Downloads Resources over HTTP in resourcehacker
High. CVE-2016-10646 was published for resourcehacker (npm), Aug 15, 2018

Downloads Resources over HTTP in atom-node-module-installer
High. CVE-2016-10620 was published for atom-node-module-installer (npm), Feb 18, 2019

SSL Validation Defaults to False in electron-packager
Low. CVE-2016-10534 was published for electron-packager (npm), Feb 18, 2019

Denial of Service in https-proxy-agent
Critical. CVE-2018-3739 was published for https-proxy-agent (npm), Jul 27, 2018

Downloads Resources over HTTP in dalek-browser-chrome-canary
High. CVE-2016-10584 was published for dalek-browser-chrome-canary (npm), Feb 18, 2019

Downloads Resources over HTTP in strider-sauce
High. CVE-2016-10611 was published for strider-sauce (npm), Feb 18, 2019

Hijacked Environment Variables in proxy.js
Moderate. CVE-2017-16076 was published for proxy.js (npm), Aug 29, 2018

Prototype Pollution in merge-options
Critical. CVE-2018-3752 was published for merge-options (npm), Oct 9, 2018

Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
High. CVE-2016-10697 was published for react-native-baidu-voice-synthesizer (npm), Jul 31, 2018

Downloads Resources over HTTP in cobalt-cli
High. CVE-2016-10597 was published for cobalt-cli (npm), Feb 18, 2019

Downloads Resources over HTTP in serc.js
High. CVE-2016-10678 was published for serc.js (npm), Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API.