Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,127 advisories

Loading
Regular Expression Denial of Service in jadedown Low
CVE-2016-10520 was published for jadedown (npm) Feb 18, 2019
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Regular Expression Denial of Service in jshamcrest High
CVE-2016-10521 was published for jshamcrest (npm) Feb 18, 2019
Authentication Bypass in hapi-auth-jwt2 Critical
CVE-2016-10525 was published for hapi-auth-jwt2 (npm) Feb 18, 2019
Denial of Service and Content Injection in i18n-node-angular High
CVE-2016-10524 was published for i18n-node-angular (npm) Feb 18, 2019
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file Moderate
CVE-2016-10526 was published for grunt-gh-pages (npm) Feb 18, 2019
Regular Expression Denial of Service in riot-compiler High
CVE-2016-10527 was published for riot-compiler (npm) Feb 18, 2019
Directory Traversal in restafary Moderate
CVE-2016-10528 was published for restafary (npm) Feb 18, 2019
No CSRF Validation in droppy High
CVE-2016-10529 was published for droppy (npm) Feb 18, 2019
Authentication Bypass in console-io Critical
CVE-2016-10532 was published for console-io (npm) Feb 18, 2019
Timing Attack in csrf-lite High
CVE-2016-10535 was published for csrf-lite (npm) Feb 18, 2019
Insecure Defaults Allow MITM Over TLS in engine.io-client Moderate
CVE-2016-10536 was published for engine.io-client (npm) Feb 18, 2019
Cross-Site Scripting in backbone Moderate
CVE-2016-10537 was published for backbone (npm) Feb 18, 2019
Arbitrary File Write in cli Low
CVE-2016-10538 was published for cli (npm) Feb 18, 2019
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Sails before 0.12.7 vulnerable to Broken CORS High
CVE-2016-10549 was published for sails (npm) Feb 18, 2019
Resources Downloaded over Insecure Protocol in igniteui Low
CVE-2016-10552 was published for igniteui (npm) Feb 18, 2019
appium-chromedriver downloads Resources over HTTP High
CVE-2016-10557 was published for appium-chromedriver (npm) Feb 18, 2019
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
openframe-ascii-image downloads Resources over HTTP High
CVE-2016-10690 was published for openframe-ascii-image (npm) Feb 18, 2019
Downloads Resources over HTTP in windows-iedriver High
CVE-2016-10689 was published for windows-iedriver (npm) Feb 18, 2019
Downloads Resources over HTTP in pk-app-wonderbox High
CVE-2016-10685 was published for pk-app-wonderbox (npm) Feb 18, 2019
Downloads Resources over HTTP in healthcenter High
CVE-2016-10684 was published for healthcenter (npm) Feb 18, 2019
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Downloads Resources over HTTP in serc.js High
CVE-2016-10678 was published for serc.js (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database