GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
137,163 advisories
Cross-Site Scripting in harp
Moderate • GHSA-cx7r-634m-2q2h was published for harp (npm) Sep 2, 2020 • withdrawn
Cross-Site Scripting in buttle
Moderate • GHSA-pqpp-2363-649v was published for buttle (npm) Sep 2, 2020
Sandbox Breakout / Arbitrary Code Execution in value-censorship
Moderate • GHSA-xrr6-6ww3-f3qm was published for value-censorship (npm) Sep 2, 2020
Unauthorized File Access in glance
Moderate • GHSA-vw7g-jq9m-3q9v was published for glance (npm) Sep 2, 2020
Cross-Site Scripting in diagram-js-direct-editing
Moderate • GHSA-j8r2-2x94-2q67 was published for diagram-js-direct-editing (npm) Sep 11, 2020
Command Injection Vulnerability in systeminformation
Moderate • CVE-2020-26274 was published for systeminformation (npm) Dec 16, 2020
Command Injection in wizard-syncronizer
Moderate • GHSA-wgw3-gf4p-62xc was published for wizard-syncronizer (npm) Sep 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate • CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Command injection in codecov (npm package)
Moderate • CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
CSRF Vulnerability in jquery-ujs
Moderate • GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
Validation Bypass in paypal-ipn
Moderate • CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Remote Memory Disclosure in bittorrent-dht
Moderate • CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
HTML Injection in marky-markdown
Moderate • GHSA-pxmp-fwjc-4x7q was published for marky-markdown (npm) Sep 3, 2020
Sandbox Breakout / Arbitrary Code Execution in sandbox
Moderate • GHSA-fm4j-4xhm-xpwx was published for sandbox (npm) Sep 2, 2020
XSS vulnerability when listing users on add & modify server pages.
Moderate • GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
Web Cache Poisoning in find-my-way
Moderate • CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Cross-Site Scripting in swagger-ui
Moderate • GHSA-22q9-hqm5-mhmc was published for swagger-ui (npm) Sep 11, 2020
Prototype Pollution in mergify
Moderate • GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
Local File Inclusion in domokeeper
Moderate • GHSA-cr67-78jr-j94p was published for domokeeper (npm) Sep 3, 2020
Prototype Pollution in systeminformation
Moderate • CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
ReDOS vulnerabilities: multiple grammars
Moderate • GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
ProTip! Advisories are also available from the GraphQL API.