GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
4,127 advisories
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Severity: Moderate. CVE-2016-1000224 was published for ezseed-transmission (npm) on Sep 1, 2020.

Directory Traversal in fancy-server
Severity: High. CVE-2014-10066 was published for fancy-server (npm) on Aug 31, 2020.

Hidden Directories Always Served in inert
Severity: Moderate. CVE-2014-10068 was published for inert (npm) on Aug 31, 2020.

Authentication Bypass in console-io
Severity: Critical. CVE-2016-10532 was published for console-io (npm) on Feb 18, 2019.

Directory Traversal in nodeload-nmickuli
Severity: High. GHSA-wmcq-3wfx-qjx5 was published for nodeload-nmickuli (npm) on Sep 1, 2020.

Downloads Resources over HTTP in npm-test-sqlite3-trunk
Severity: High. CVE-2016-10695 was published for npm-test-sqlite3-trunk (npm) on Sep 1, 2020.

Downloads Resources over HTTP in apk-parser
Severity: High. CVE-2016-10564 was published for apk-parser (npm) on Sep 1, 2020.

Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Severity: Moderate. CVE-2018-18282 was published for next (npm) on Oct 15, 2018.

Moderate severity vulnerability that affects validator
Severity: Moderate. CVE-2013-7451 was published for validator (npm) on Oct 24, 2017.

Sensitive Data Exposure in msrcrypto
Severity: Critical. CVE-2018-8319 was published for msrcrypto (npm) on Sep 10, 2018.

Directory Traversal in featurebook
Severity: Moderate. GHSA-7x92-2j68-h32c was published for featurebook (npm) on Sep 1, 2020.

Malicious Package in regenrator
Severity: Critical. GHSA-m5p4-7wf9-6w99 was published for regenrator (npm) on Sep 1, 2020.

Malicious Package in dossier
Severity: Critical. GHSA-c8h6-89q2-mgv8 was published for dossier (npm) on Sep 1, 2020.

Moderate severity vulnerability that affects validator
Severity: Moderate. CVE-2013-7452 was published for validator (npm) on Oct 24, 2017.

Downloads Resources over HTTP in js-given
Severity: High. CVE-2016-10638 was published for js-given (npm) on Feb 18, 2019.

Sandbox Breakout / Arbitrary Code Execution in static-eval
Severity: High. GHSA-x9hc-rw35-f44h was published for static-eval (npm) on Sep 2, 2020.

Improper Authorization in googleapis
Severity: High. GHSA-7543-mr7h-6v86 was published for googleapis (npm) on Sep 2, 2020.

Cross-Site Scripting in express-cart
Severity: Low. GHSA-9pr3-7449-977r was published for express-cart (npm) on Sep 2, 2020.

Malicious Package in commander-js
Severity: Critical. GHSA-2hqf-qqmq-pgpp was published for commander-js (npm) on Sep 2, 2020.

Command Injection in samsung-remote
Severity: Critical. GHSA-xhjx-mfr6-9rr4 was published for samsung-remote (npm) on Sep 1, 2020.

NoSQL Injection in loopback-connector-mongodb
Severity: High. GHSA-hxwc-5vw9-2w4w was published for loopback-connector-mongodb (npm) on Sep 2, 2020.

Arbitrary File Overwrite in decompress-zip
Severity: High. GHSA-73v8-v6g4-vrpm was published for decompress-zip (npm) on Sep 2, 2020.
ProTip! Advisories are also available from the GraphQL API.