GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

Denial of Service in @hapi/accept High
GHSA-9vrw-m88g-w75q was published for @hapi/accept (npm) Sep 3, 2020
Command Injection in jison High
CVE-2020-8178 was published for jison (npm) Oct 8, 2020 (withdrawn)
Prototype Pollution in json-logic-js High
GHSA-m9hw-7xfv-wqg7 was published for json-logic-js (npm) Nov 12, 2020
Prototype Pollution in lodash.merge High
GHSA-h726-x36v-rx45 was published for lodash.merge (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-779f-wgxg-qr8f was published for lodash.mergewith (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-5947-m4fg-xhqg was published for lodash.mergewith (npm) Sep 3, 2020
Sandbox Breakout / Arbitrary Code Execution in notevil High
GHSA-7r5f-7qr4-pf6q was published for notevil (npm) Sep 3, 2020
Cross-Site Scripting in console-feed High
GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) Sep 3, 2020
Authentication Bypass in otpauth High
GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) Sep 3, 2020
Cross-Site Scripting in markdown-to-jsx High
GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) Sep 3, 2020
Machine-In-The-Middle in airtable High
GHSA-jrj9-5qp6-2v8q was published for airtable (npm) Sep 3, 2020
Arbitrary Code Execution in handlebars High
GHSA-q2c6-c6pm-g3gh was published for handlebars (npm) Sep 4, 2020
Prototype Pollution in reggae High
GHSA-q9wr-gcjc-hq52 was published for reggae (npm) Sep 4, 2020
Cross-Site Scripting in nextcloud-vue-collections High
GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) Sep 4, 2020
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Prototype Pollution in @commercial/subtext High
GHSA-36c4-4r89-6whg was published for @commercial/subtext (npm) Sep 3, 2020
Remote Code Execution in next High
GHSA-5vj8-3v2h-h38v was published for next (npm) Sep 4, 2020
Cross-Site Scripting in lazysizes High
GHSA-w4vp-3mq7-7v82 was published for lazysizes (npm) Sep 3, 2020
Hardcoded Initialization Vector in parsel High
GHSA-q643-w9jp-q2qg was published for parsel (npm) Sep 4, 2020
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145) High
CVE-2018-17145 was published for bcoin (npm) Sep 10, 2020
Secret disclosure when containing characters that become URI encoded High
CVE-2020-26226 was published for semantic-release (npm) Nov 18, 2020
Cross-Site Scripting bypass in html-purify High
GHSA-5p28-63mc-cgr9 was published for html-purify (npm) Dec 4, 2020
constructEvent does not verify header High
GHSA-4g53-vp7q-gfjv was published for @worker-tools/stripe-webhook (npm) May 28, 2021
Vulnerability allowing for reading internal HTTP resources High
GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm) Mar 12, 2021
Arbitrary code execution in ExifTool High
GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm) May 4, 2021