Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,127 advisories

Loading
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
Sandbox bypass in constantinople Moderate
GHSA-hg7c-66ff-9q8g was published for constantinople (npm) Jul 31, 2020 withdrawn
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Arbitrary File Write in iobroker.js-controller High
CVE-2019-10767 was published for iobroker.js-controller (npm) Dec 2, 2019
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
SQL Injection in sequelize Critical
CVE-2019-10749 was published for sequelize (npm) Nov 8, 2019
Denial of Service in rgb2hex Moderate
GHSA-65p8-3hm4-h9h8 was published for rgb2hex (npm) Aug 23, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Cross-Site Scripting in selectize-plugin-a11y Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) Aug 27, 2019
Path Traversal in algo-httpserv High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) Sep 11, 2019
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
SQL Injection in sequelize Critical
CVE-2019-10748 was published for sequelize (npm) Nov 6, 2019
Undefined Behavior in sailsjs-cacheman Low
GHSA-5w65-6875-rhq8 was published for sailsjs-cacheman (npm) Sep 11, 2019
Sensitive Data Exposure in seneca Low
CVE-2019-5483 was published for seneca (npm) Sep 11, 2019
Cross-Site Scripting in dojo Moderate
CVE-2010-2273 was published for dojo (npm) Sep 11, 2019
Cross-Site Scripting in keystone Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) Aug 20, 2020 withdrawn
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Cross-Site Scripting in status-board Moderate
CVE-2019-15478 was published for status-board (npm) Sep 23, 2019
Cross-Site Scripting in cyberchef Moderate
CVE-2019-15532 was published for cyberchef (npm) Aug 27, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Cross-Site Scripting in @nuxt/devalue Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database