GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111,583 advisories

Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Directory traversal in fast-http High
CVE-2020-7687 was published for fast-http (npm) Jul 27, 2020
Cross-Site Scripting in Prism High
CVE-2020-15138 was published for prismjs (npm) Aug 7, 2020
masatokinugawa
Prototype Pollution in lodash.merge High
GHSA-2m96-9w4j-wgv7 was published for lodash.merge (npm) Sep 3, 2020
Cross-Site Scripting in dmn-js-properties-panel High
GHSA-h9wr-xr4r-66fh was published for dmn-js-properties-panel (npm) Sep 3, 2020
Denial of Service in mongodb High
GHSA-mh5c-679w-hh4r was published for mongodb (npm) Sep 3, 2020
Cross-Site Scripting in snekserve High
GHSA-hv4w-jhcj-6wfw was published for snekserve (npm) Sep 3, 2020
Unauthorized File Access in node-git-server High
GHSA-cv3v-7846-6pxm was published for node-git-server (npm) Sep 3, 2020
Downloads Resources over HTTP in node-air-sdk High
CVE-2016-10647 was published for node-air-sdk (npm) Sep 1, 2020
Prototype Pollution in handlebars High
GHSA-g9r4-xpmj-mj65 was published for handlebars (npm) Sep 4, 2020
Prototype Pollution in get-setter High
GHSA-ch82-gqh6-9xj9 was published for get-setter (npm) Sep 4, 2020
Prototype Pollution in getsetdeep High
GHSA-8j49-49jq-vwcq was published for getsetdeep (npm) Sep 4, 2020
Command Injection in strapi High
GHSA-9p2w-rmx4-9mw7 was published for strapi (npm) Sep 4, 2020
Cross-Site Scripting in buefy High
GHSA-xwqw-rf2q-xmhf was published for buefy (npm) Sep 1, 2020
Remote Code Execution in pomelo-monitor High
GHSA-m5ch-gx8g-rg73 was published for pomelo-monitor (npm) Sep 2, 2020
Denial of Service in @commercial/subtext High
GHSA-cvfm-xjc8-f2vm was published for @commercial/subtext (npm) Sep 3, 2020
Cross-Site Scripting in markdown-it-katex High
GHSA-5ff8-jcf9-fw62 was published for markdown-it-katex (npm) Sep 4, 2020
Prototype Pollution in @hapi/subtext High
GHSA-g9cg-h3jm-cwrc was published for @hapi/subtext (npm) Sep 3, 2020
Command Injection in treekill High
GHSA-533p-g2hq-qr26 was published for treekill (npm) Sep 4, 2020
Cross-Site Scripting in md-data-table High
GHSA-hgr5-82rc-p936 was published for md-data-table (npm) Sep 1, 2020
Path Traversal in express-cart High
GHSA-8h8v-6qqm-fwpq was published for express-cart (npm) Sep 1, 2020
Cross-Site Scripting in jingo High
GHSA-mpjf-8cmf-p789 was published for jingo (npm) Sep 1, 2020
Denial of Service in @hapi/ammo High
GHSA-gjph-xf5q-6mfq was published for @hapi/ammo (npm) Sep 3, 2020
Denial of Service in @commercial/hapi High
GHSA-66mv-xh68-h6v2 was published for @commercial/hapi (npm) Sep 3, 2020
Cross-Site Scripting in htmr High
GHSA-f8rq-m28h-8hxj was published for htmr (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API