GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Authorization header is not sanitized in an error object in auth0 High
CVE-2020-15125 was published for auth0 (npm) Jul 29, 2020
osdiab
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7686 was published for rollup-plugin-server (npm) Jul 29, 2020
Signature Malleability in elliptic High
CVE-2020-13822 was published for elliptic (npm) Jul 29, 2020
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Withdrawn High
GHSA-p56r-jr4p-4wgh was published for whereis (npm) Aug 3, 2020 withdrawn
Withdrawn High
GHSA-wx84-69jh-jjp2 was published for sshpk (npm) Aug 3, 2020 withdrawn
Cross-Site Scripting in Prism High
CVE-2020-15138 was published for prismjs (npm) Aug 7, 2020
masatokinugawa
Insecure serialization leading to RCE in serialize-javascript High
CVE-2020-7660 was published for serialize-javascript (npm) Aug 11, 2020
Cross-Site Scripting in @progress/kendo-angular-editor High
GHSA-j7wp-vjj6-cp5m was published for @progress/kendo-angular-editor (npm) Aug 11, 2020
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
SQL Injection in waterline-sequel High
GHSA-mpcx-8qqw-rmcq was published for waterline-sequel (npm) Aug 19, 2020 withdrawn
Denial of Service in https-proxy-agent High
GHSA-qrg3-f6h6-vq8q was published for https-proxy-agent (npm) Aug 19, 2020 withdrawn
Command Injection in macaddress High
GHSA-q9r2-f3vc-rjg8 was published for macaddress (npm) Aug 19, 2020 withdrawn
Cross-Site Scripting in highcharts High
GHSA-gr4j-r575-g665 was published for highcharts (npm) Aug 25, 2020
Windforce17
DataTable Vulnerable to Cross-Site Scripting High
CVE-2015-6584 was published for datatables (Composer) Aug 31, 2020
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
Directory Traversal in fancy-server High
CVE-2014-10066 was published for fancy-server (npm) Aug 31, 2020
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Regular Expression Denial of Service in validator High
CVE-2014-8882 was published for validator (npm) Aug 31, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Regular Expression Denial of Service in ansi2html High
CVE-2015-9239 was published for ansi2html (npm) Sep 1, 2020