GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,870; Erlang 36; GitHub Actions 36; Go 2,493; Maven 5,000+; npm 4,126; NuGet 735; pip 3,943; Pub 12; RubyGems 945; Rust 1,021; Swift 39
Unreviewed advisories: All unreviewed 5,000+
4,127 advisories
Potential Command Injection in shell-quote
Critical. CVE-2016-10541 was published for shell-quote (npm) on Feb 18, 2019

DoS due to excessively large websocket message in ws
High. CVE-2016-10542 was published for ws (npm) on Feb 18, 2019

Bootstrap Vulnerable to Cross-Site Scripting
Moderate. CVE-2019-8331 was published for Bootstrap.Less (RubyGems) on Feb 22, 2019

uap-core Regular Expression Denial of Service issue
Moderate. CVE-2018-20164 was published for uap-core (npm) on Mar 6, 2019

Cross-Site Scripting in editor.md
Moderate. CVE-2019-9737 was published for editor.md (npm) on Mar 14, 2019

Regular Expression Denial of Service in highcharts
High. CVE-2018-20801 was published for highcharts (npm) on Mar 18, 2019

Path Traversal in localhost-now
High. CVE-2019-5416 was published for localhost-now (npm) on Mar 25, 2019

Moderate severity vulnerability that affects total.js
Moderate. CVE-2019-10260 was published for total.js (npm) on Apr 2, 2019

Path Traversal in http-live-simulator
High. CVE-2019-5423 was published for http-live-simulator (npm) on Apr 8, 2019

Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
Moderate. CVE-2019-11004 was published for @materializecss/materialize (npm) on Apr 9, 2019

Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Moderate. CVE-2019-11003 was published for @materializecss/materialize (npm) on Apr 9, 2019

Materialize-css vulnerable to Cross-site Scripting in tooltip component
Moderate. CVE-2019-11002 was published for @materializecss/materialize (npm) on Apr 9, 2019

Cross-Site Scripting in simple-markdown
Moderate. CVE-2019-9844 was published for simple-markdown (npm) on Apr 9, 2019

Duplicate Advisory: Prototype Pollution in jquery
Moderate. CVE-2019-5428 was published for jquery (RubyGems) on Apr 23, 2019 • withdrawn

XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate. CVE-2019-11358 was published for django (RubyGems) on Apr 26, 2019

ProTip! Advisories are also available from the GraphQL API