Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Command Injection in wxchangba Moderate
GHSA-j6v9-xgvh-f796 was published for wxchangba (npm) Sep 11, 2020
Denial of Service in node-sass Moderate
GHSA-9v62-24cr-58cx was published for node-sass (npm) Sep 11, 2020
Command Injection in wizard-syncronizer Moderate
GHSA-wgw3-gf4p-62xc was published for wizard-syncronizer (npm) Sep 11, 2020
Cross-Site Scripting in diagram-js Moderate
GHSA-8fw4-xh83-3j6q was published for diagram-js (npm) Sep 11, 2020
tdunlap607
Cross-Site Scripting in dojo Moderate
CVE-2015-5654 was published for dojo (npm) Sep 11, 2020
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Cross-Site Scripting in diagram-js-direct-editing Moderate
GHSA-j8r2-2x94-2q67 was published for diagram-js-direct-editing (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-4f9m-pxwh-68hg was published for swagger-ui (npm) Sep 11, 2020
tdunlap607
Cross-Site Scripting in serve Moderate
GHSA-cpgr-wmr9-qxv4 was published for serve (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-388g-jwpg-x6j4 was published for swagger-ui (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-vp93-gcx5-4w52 was published for swagger-ui (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-22q9-hqm5-mhmc was published for swagger-ui (npm) Sep 11, 2020
Prototype Pollution in mergify Moderate
GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-w992-2gmj-9xxj was published for swagger-ui (npm) Sep 11, 2020
Renovate vulnerable to Azure DevOps token leakage in logs Moderate
GHSA-36rh-ggpr-j3gj was published for renovate (npm) Sep 14, 2020
ylemkimon
Potential XSS in jQuery dependency in Mirador Moderate
GHSA-hgwm-pv9h-q5m7 was published for mirador (npm) Sep 18, 2020
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Open Redirect in Next.js versions Moderate
CVE-2020-15242 was published for next (npm) Oct 8, 2020
Cross-site Scripting in Joplin Moderate
CVE-2020-9038 was published for joplin (npm) Oct 13, 2020
receiving subscription objects with deleted session Moderate
CVE-2020-15270 was published for parse-server (npm) Oct 27, 2020
davimacedo maxiqsoft
Command Injection in systeminformation Moderate
CVE-2020-26300 was published for systeminformation (npm) Oct 27, 2020
Cross-site Scripting in Strapi Moderate
CVE-2020-27666 was published for strapi-plugin-content-manager (npm) Oct 29, 2020
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Prototype Pollution in highlight.js Moderate
CVE-2020-26237 was published for highlight.js (npm) Nov 24, 2020
turt2live allejo
joshgoebel
Prototype Pollution in systeminformation Moderate
CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database