GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,296 advisories
Cross-Site Scripting in status-board
Moderate
CVE-2019-15478 was published for status-board (npm) Sep 23, 2019
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Moderate
CVE-2019-15479 was published for status-board (npm) Sep 23, 2019
Cross-Site Scripting in webtorrent
Moderate
CVE-2019-15782 was published for webtorrent (npm) Sep 4, 2019
Path Traversal in statichttpserver
Moderate
CVE-2019-5480 was published for statichttpserver (npm) Sep 4, 2019
Cross-Site Scripting in selectize-plugin-a11y
Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) Aug 27, 2019
Cross-Site Scripting in cyberchef
Moderate
CVE-2019-15532 was published for cyberchef (npm) Aug 27, 2019
Cross-site Scripting in pandao editor.md
Moderate
CVE-2019-14517 was published for editor.md (npm) Aug 23, 2019
Cross-site Scripting in pandao
Moderate
CVE-2019-14653 was published for editor.md (npm) Aug 23, 2019
Denial of Service in rgb2hex
Moderate
GHSA-65p8-3hm4-h9h8 was published for rgb2hex (npm) Aug 23, 2019
Cross-Site Scripting in http-file-server
Moderate
CVE-2019-5458 was published for http-file-server (npm) Jul 31, 2019
Cross-Site Scripting in min-http-server
Moderate
CVE-2019-5457 was published for min-http-server (npm) Jul 31, 2019
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
Cross-Site Scripting in @nuxt/devalue
Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
Path Traversal in http-file-server
Moderate
CVE-2019-5447 was published for http-file-server (npm) Jul 16, 2019
Remote code execution in Handlebars.js
Moderate
GHSA-6r5x-hmgg-7h53 was published for handlebars (npm) Jul 15, 2019 • withdrawn
Sensitive Data Exposure in parse-server
Moderate
CVE-2019-1020013 was published for parse-server (npm) Jul 11, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Out-of-bounds Read in stringstream
Moderate
CVE-2018-21270 was published for stringstream (npm) Jun 20, 2019
Reverse Tabnapping in swagger-ui
Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
Regular Expression Denial of Service
Moderate
GHSA-qx4v-6gc5-f2vv was published for esm (npm) Jun 20, 2019