GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,121
NuGet: 735
pip: 3,942
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,296 advisories
CKEditor 4.0 vulnerability in the HTML Data Processor
Moderate. CVE-2020-9281 was published for ckeditor4 (npm), May 7, 2021

OS Command Injection in ng-packagr
Moderate. CVE-2020-7735 was published for ng-packagr (npm), May 7, 2021

Cross-site scripting in bootstrap-select
Moderate. CVE-2019-20921 was published for bootstrap-select (npm), May 7, 2021

Regular Expression Denial of Service in postcss
Moderate. CVE-2021-23368 was published for postcss (npm), May 10, 2021

Command Injection in @theia/messages
Moderate. CVE-2021-28162 was published for @theia/messages (npm), May 10, 2021

Prototype pollution in json-pointer
Moderate. CVE-2020-7709 was published for json-pointer (Maven), May 10, 2021

Cross-site Scripting in lightning-server
Moderate. CVE-2020-7747 was published for lightning-server (npm), May 10, 2021

Regular expression denial of service in codemirror
Moderate. CVE-2020-7760 was published for codemirror (npm), May 10, 2021

Cross-site Scripting in reveal.js
Moderate. CVE-2020-8127 was published for reveal.js (npm), May 10, 2021

Prototype pollution in @tsed/core
Moderate. CVE-2020-7748 was published for @tsed/core (npm), May 10, 2021

Regular expression denial of service in @absolunet/kafe
Moderate. CVE-2020-7761 was published for @absolunet/kafe (npm), May 10, 2021

Regular expression denial of service in express-validators
Moderate. CVE-2020-7767 was published for express-validators (npm), May 10, 2021

File upload local preview can run embedded scripts after user interaction
Moderate. GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm), May 17, 2021

Lack of protection against cookie tossing attacks in fastify-csrf
Moderate. CVE-2021-29624 was published for fastify-csrf (npm), May 17, 2021

Insecure template handling in express-hbs
Moderate. CVE-2021-32817 was published for express-hbs (npm), May 17, 2021

OS Command Injection in mversion
Moderate. CVE-2020-7688 was published for mversion (npm), May 17, 2021

Cross-site scripting in TileServer GL
Moderate. CVE-2020-15500 was published for tileserver-gl (npm), May 17, 2021

Cross-site scripting in @shopify/koa-shopify-auth
Moderate. CVE-2020-8176 was published for @shopify/koa-shopify-auth (npm), May 17, 2021

Credential leak in react-native-fast-image
Moderate. CVE-2020-7696 was published for react-native-fast-image (npm), May 18, 2021

ProTip! Advisories are also available from the GraphQL API.