GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,127 advisories

nodemssql is malware High
CVE-2017-16057 was published for nodemssql (npm) Nov 9, 2018
Pandao editor.md vulnerable to DOM XSS Moderate
CVE-2018-19056 was published for editor.md (npm) Nov 9, 2018
Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Path Traversal in takeapeek Moderate
CVE-2018-16473 was published for takeapeek (npm) Nov 6, 2018
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
Stored Cross-Site Scripting in tianma-static Moderate
CVE-2018-16474 was published for tianma-static (npm) Nov 6, 2018
Path Traversal in knightjs High
CVE-2018-16475 was published for knightjs (npm) Nov 6, 2018
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
Command Injection in apex-publish-static-files Critical
CVE-2018-16462 was published for apex-publish-static-files (npm) Nov 1, 2018
node-tkinter is malware High
CVE-2017-16062 was published for node-tkinter (npm) Nov 1, 2018
tkinter is malware High
CVE-2017-16061 was published for tkinter (npm) Nov 1, 2018
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
No Charset in Content-Type Header in express Moderate
CVE-2014-6393 was published for express (npm) Oct 23, 2018
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload Critical
CVE-2018-9206 was published for blueimp-file-upload (npm) Oct 22, 2018
dojox vulnerable to unescaped string injection Critical
CVE-2018-15494 was published for dojox (npm) Oct 15, 2018
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
ReDoS via long string of semicolons in tough-cookie Moderate
CVE-2016-1000232 was published for tough-cookie (npm) Oct 10, 2018
ProTip! Advisories are also available from the GraphQL API