GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,127 advisories

SimpleMDE XSS Vulnerability (Severity: Moderate)
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Denial of Service in ethereumjs-vm (Severity: High)
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Critical severity vulnerability that affects event-stream and flatmap-stream (Severity: Critical)
GHSA-mh6f-8j2x-4483 was published for event-stream (npm) Nov 26, 2018
Path Traversal in simplehttpserver (Severity: Moderate)
CVE-2018-16478 was published for simplehttpserver (npm) Dec 6, 2018
Unrestricted Upload of File with Dangerous Type in jquery-file-upload (Severity: Critical)
CVE-2018-9207 was published for jquery-file-upload (npm) Dec 19, 2018
Missing Origin Validation in webpack-dev-server (Severity: High)
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
react-dev-utils on Windows vulnerable to Remote Code Execution (Severity: High)
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
rendertron can remotely shut down Chrome instance (Severity: High)
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
rendertron LFI vulnerability (Severity: High)
CVE-2017-18354 was published for rendertron (npm) Jan 4, 2019
Cross-Site Scripting in react-dom (Severity: Moderate)
CVE-2018-6341 was published for react-dom (npm) Jan 4, 2019
rendertron XSS vulnerability (Severity: Moderate)
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
xterm vulnerable to remote code execution (Severity: High)
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Bootstrap Cross-site Scripting vulnerability (Severity: Moderate)
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
XSS vulnerability that affects bootstrap (Severity: Moderate)
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
bootstrap Cross-site Scripting vulnerability (Severity: Moderate)
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Prototype Pollution in extend (Severity: Moderate)
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
Path Traversal in http-live-simulator (Severity: High)
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
Tnantoka/public XSS Vulnerability (Severity: Moderate)
CVE-2018-16480 was published for public (npm) Feb 7, 2019
Cross-Site Scripting in html-pages (Severity: Moderate)
CVE-2018-16481 was published for html-pages (npm) Feb 7, 2019
mcstatic directory traversal vulnerability (Severity: High)
CVE-2018-16482 was published for mcstatic (npm) Feb 7, 2019
Authentication Bypass by Spoofing in express-cart (Severity: High)
CVE-2018-16483 was published for express-cart (npm) Feb 7, 2019
Cross-Site Scripting in m-server (Severity: Moderate)
CVE-2018-16484 was published for m-server (npm) Feb 7, 2019
Prototype Pollution in defaults-deep (Severity: Critical)
CVE-2018-16486 was published for defaults-deep (npm) Feb 7, 2019
Prototype Pollution in lodash (Severity: High)
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath
Prototype Pollution in just-extend (Severity: Critical)
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
ProTip! Advisories are also available from the GraphQL API