Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,583 advisories

Loading
Denial of Service in @commercial/ammo High
GHSA-rhc3-76jw-4f2x was published for @commercial/ammo (npm) Sep 4, 2020
Improper Authorization in @sap-cloud-sdk/core High
GHSA-r2vw-jgq9-jqx2 was published for @sap-cloud-sdk/core (npm) Sep 3, 2020
Cross-Site Scripting in mermaid High
GHSA-w32g-5hqp-gg6q was published for mermaid (npm) Sep 2, 2020
Improper Authorization in loopback High
GHSA-8wgc-jjvv-cv6v was published for loopback (npm) Sep 2, 2020
File restriction bypass in socket.io-file High
GHSA-6495-8jvh-f28x was published for socket.io-file (npm) Oct 2, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
NoSQL injection in express-cart High
GHSA-f5cv-xrv9-r8w7 was published for express-cart (npm) Sep 1, 2020
Entropy Backdoor in text-qrcode High
GHSA-h5vj-f7r9-w564 was published for text-qrcode (npm) Sep 1, 2020
Remote Code Execution in office-converter High
GHSA-9p64-h5q4-phpm was published for office-converter (npm) Sep 2, 2020
Denial of Service in serialize-to-js High
GHSA-w5q7-3pr9-x44w was published for serialize-to-js (npm) Sep 2, 2020
Insecure Default Configuration in graphql-code-generator High
GHSA-9w87-4j72-gcv7 was published for graphql-code-generator (npm) Sep 2, 2020
Exploitable inventory component chaining in PocketMine-MP High
GHSA-8jq6-w5cg-wm45 was published for pocketmine/pocketmine-mp (Composer) Nov 11, 2020
Muqsit CortexPE
Cross-Site Scripting in scratch-svg-renderer High
CVE-2020-7750 was published for scratch-svg-renderer (npm) Nov 9, 2020
Command Injection in soletta-dev-app High
GHSA-8mgg-5x65-m4m4 was published for soletta-dev-app (npm) Sep 11, 2020
Command Injection in addax High
GHSA-4q8f-5xxj-946r was published for addax (npm) Sep 3, 2020
SQL Injection in sails-mysql High
GHSA-hx5x-49mm-vmhw was published for sails-mysql (npm) Sep 3, 2020
Disabled Hostname Verification in Opencast High
CVE-2020-26234 was published for org.opencastproject:opencast-kernel (Maven) Dec 8, 2020
intrigus-lgtm
Improper Input Validation in async-http-client High
CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
Path Traversal in zero High
GHSA-crf7-fvjx-863q was published for zero (npm) Sep 3, 2020
Cross-Site Scripting in jquery.json-viewer High
GHSA-v9wp-8r97-v6xg was published for jquery.json-viewer (npm) Sep 3, 2020
Cross-Site Scripting in @ionic/core High
GHSA-r3xc-47qg-h929 was published for @ionic/core (npm) Sep 3, 2020
Cross-Site Scripting in bleach High
GHSA-5634-rv46-48jf was published for bleach (npm) Sep 3, 2020
Path Traversal in restify-swagger-jsdoc High
GHSA-gvff-25cc-4f66 was published for restify-swagger-jsdoc (npm) Sep 3, 2020
Cross-Site Scripting in graylog-web-interface High
GHSA-9qgh-7pgp-hp7r was published for graylog-web-interface (npm) Sep 3, 2020
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database