Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Regular Expression Denial of Service (REDoS) in Marked Moderate
CVE-2021-21306 was published for marked (npm) Feb 8, 2021
Xegyn calculuschild
File System Bounds Escape Moderate
CVE-2020-26299 was published for ftp-srv (npm) Feb 10, 2021
n-timofeev
SSRF in Rendertron Moderate
CVE-2020-8902 was published for rendertron (npm) Mar 1, 2021
Command Injection in systeminformation Moderate
CVE-2020-26300 was published for systeminformation (npm) Oct 27, 2020
Axios vulnerable to Server-Side Request Forgery Moderate
CVE-2020-28168 was published for axios (npm) Jan 4, 2021
Prototype Pollution in highlight.js Moderate
CVE-2020-26237 was published for highlight.js (npm) Nov 24, 2020
turt2live allejo
joshgoebel
Remote Memory Exposure in bl Moderate
CVE-2020-8244 was published for bl (npm) Sep 2, 2020
receiving subscription objects with deleted session Moderate
CVE-2020-15270 was published for parse-server (npm) Oct 27, 2020
davimacedo maxiqsoft
Cross-site Scripting in Joplin Moderate
CVE-2020-9038 was published for joplin (npm) Oct 13, 2020
Cross-Site Scripting in @novnc/novnc Moderate
CVE-2017-18635 was published for @novnc/novnc (npm) Aug 28, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt Moderate
CVE-2020-7689 was published for bcrypt (npm) Aug 20, 2020
node-red-dashboard vulnerable to Cross-site Scripting Moderate
CVE-2022-3783 was published for node-red-dashboard (npm) Nov 1, 2022
No Charset in Content-Type Header in express Moderate
CVE-2014-6393 was published for express (npm) Oct 23, 2018
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7650 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7651 was published for snyk-broker (npm) Jun 3, 2020
Http request which redirect to another hostname do not strip authorization header in @actions/http-client Moderate
CVE-2020-11021 was published for @actions/http-client (npm) Apr 29, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7648 was published for snyk-broker (npm) Jun 3, 2020
XSS in knockout Moderate
CVE-2019-14862 was published for knockout (npm) Apr 1, 2020
Cross-site Scripting in pandao Moderate
CVE-2019-14653 was published for editor.md (npm) Aug 23, 2019
Cross-site Scripting in node-red-dashboard Moderate
CVE-2019-10756 was published for node-red-dashboard (npm) Oct 25, 2019
Invalid Curve Attack in openpgp Moderate
CVE-2019-9155 was published for openpgp (npm) Aug 23, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database