Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,298 advisories

Loading
CSRF Vulnerability in polaris-website Moderate
GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) Aug 5, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Withdrawn Moderate
GHSA-chgg-rrmv-5q7x was published for jwt-simple (npm) Aug 3, 2020 withdrawn
Withdrawn Advisory: marked cross-site scripting vulnerability Moderate
GHSA-32vw-r77c-gm67 was published for marked (npm) Aug 3, 2020 withdrawn
Sandbox bypass in constantinople Moderate
GHSA-hg7c-66ff-9q8g was published for constantinople (npm) Jul 31, 2020 withdrawn
Uncontrolled resource consumption in jpeg-js Moderate
CVE-2020-8175 was published for jpeg-js (npm) Jul 27, 2020
avnerbarr
Storing Password in Local Storage Moderate
GHSA-wvh7-5p38-2qfc was published for parse (npm) Jul 23, 2020
dplewis pocketcolin
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Sensitive information exposure through logs in npm-registry-fetch Moderate
GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) Jul 7, 2020
npm CLI exposing sensitive information through logs Moderate
CVE-2020-15095 was published for npm (npm) Jul 7, 2020
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Introspection in schema validation in Apollo Server Moderate
GHSA-w42g-7vfc-xf37 was published for apollo-server (npm) Jun 5, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7653 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7648 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7650 was published for snyk-broker (npm) Jun 3, 2020
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7651 was published for snyk-broker (npm) Jun 3, 2020
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database