GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,296 advisories
Regular expression denial of service in express-validators [Moderate]: CVE-2020-7767 was published for express-validators (npm), May 10, 2021
Prototype Pollution in undefsafe [Moderate]: CVE-2019-10795 was published for undefsafe (npm), Feb 9, 2022
Improper Input Validation in SocksJS-Node [Moderate]: CVE-2020-7693 was published for sockjs (npm), Apr 13, 2021
Improper Input Validation in sanitize-html [Moderate]: CVE-2021-26540 was published for sanitize-html (npm), May 6, 2021
Regular Expression Denial of Service in hosted-git-info [Moderate]: CVE-2021-23362 was published for hosted-git-info (npm), May 6, 2021
Prototype Pollution in iniparserjs [Moderate]: CVE-2021-23328 was published for iniparserjs (npm), Apr 13, 2021
Regular expression Denial of Service in multiple packages [Moderate]: CVE-2021-21391 was published for @ckeditor/ckeditor5-engine (npm), Apr 6, 2021
Prototype Pollution in dot-object [Moderate]: CVE-2019-10793 was published for dot-object (npm), Feb 9, 2022
Cross-site scripting in SocksJS-node [Moderate]: CVE-2020-8823 was published for sockjs (npm), Apr 13, 2021
Hostname spoofing via backslashes in URL [Moderate]: CVE-2020-26291 was published for urijs (npm), Dec 30, 2020
Weak JSON Web Token in yapi-vendor [Moderate]: CVE-2021-27884 was published for yapi-vendor (npm), Mar 26, 2021
Path Traversal in jsreport-chrome-pdf [Moderate]: CVE-2020-7762 was published for jsreport-chrome-pdf (npm), Apr 13, 2021
Improper Neutralization of Input in Theia console [Moderate]: CVE-2021-28161 was published for @theia/console (npm), Apr 13, 2021
Arbitrary Command Injection in portprocesses [Moderate]: CVE-2021-23348 was published for portprocesses (npm), Apr 6, 2021
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect [Moderate]: CVE-2020-28501 was published for es6-crawler-detect (npm), Apr 13, 2021
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values [Moderate]: CVE-2021-21412 was published for @thi.ng/egf (npm), Apr 6, 2021
Regular expression denial of service (ReDoS) in is-my-json-valid [Moderate]: CVE-2018-1107 was published for is-my-json-valid (npm), Jan 6, 2022
Regular expression Denial of Service in @progfay/scrapbox-parser [Moderate]: CVE-2021-27405 was published for @progfay/scrapbox-parser (npm), Mar 1, 2021
Improper Validation and Sanitization in url-parse [Moderate]: CVE-2020-8124 was published for url-parse (npm), Jan 6, 2022
Cross-site Scripting in vis-timeline [Moderate]: CVE-2020-28487 was published for vis-timeline (npm), Apr 13, 2021
Resource Exhaustion Denial of Service in http-proxy-agent [Moderate]: CVE-2019-10196 was published for http-proxy-agent (npm), Jan 6, 2022
Cross-site Scripting in dompurify [Moderate]: CVE-2020-26870 was published for dompurify (npm), Dec 18, 2020
ProTip! Advisories are also available from the GraphQL API.