Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Command Injection in wizard-syncronizer Moderate
GHSA-wgw3-gf4p-62xc was published for wizard-syncronizer (npm) Sep 11, 2020
Cross-Site Scripting in diagram-js-direct-editing Moderate
GHSA-j8r2-2x94-2q67 was published for diagram-js-direct-editing (npm) Sep 11, 2020
Command Injection Vulnerability in systeminformation Moderate
CVE-2020-26274 was published for systeminformation (npm) Dec 16, 2020
Cross-Site Scripting in harp Moderate
GHSA-cx7r-634m-2q2h was published for harp (npm) Sep 2, 2020 withdrawn
Cross-Site Scripting in buttle Moderate
GHSA-pqpp-2363-649v was published for buttle (npm) Sep 2, 2020
Sandbox Breakout / Arbitrary Code Execution in value-censorship Moderate
GHSA-xrr6-6ww3-f3qm was published for value-censorship (npm) Sep 2, 2020
Unauthorized File Access in glance Moderate
GHSA-vw7g-jq9m-3q9v was published for glance (npm) Sep 2, 2020
Open Redirect in Next.js versions Moderate
CVE-2020-15242 was published for next (npm) Oct 8, 2020
Prototype Pollution in smart-extend Moderate
GHSA-f8h3-rqrm-47v9 was published for smart-extend (npm) Sep 2, 2020
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
Buffer Overflow in node-weakauras-parser Moderate
GHSA-86mr-6m89-vgj3 was published for node-weakauras-parser (npm) Sep 3, 2020
Sandbox Breakout / Prototype Pollution in notevil Moderate
GHSA-9gxr-rhx6-4jgv was published for notevil (npm) Sep 4, 2020
Denial of Service in handlebars Moderate
GHSA-f52g-6jhx-586p was published for handlebars (npm) Sep 3, 2020
User Impersonation in converse.js Moderate
CVE-2017-5858 was published for converse.js (npm) Sep 11, 2020
Reverse Tabnabbing in quill Moderate
GHSA-588m-9qg5-35pq was published for quill (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-388g-jwpg-x6j4 was published for swagger-ui (npm) Sep 11, 2020
Cross-Site Scripting in serve Moderate
GHSA-cpgr-wmr9-qxv4 was published for serve (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-vp93-gcx5-4w52 was published for swagger-ui (npm) Sep 11, 2020
Open Redirect in apostrophe Moderate
GHSA-h97g-4mx7-5p2p was published for apostrophe (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-w992-2gmj-9xxj was published for swagger-ui (npm) Sep 11, 2020
Sensitive Data Exposure in ibm_db Moderate
GHSA-p77h-hv6g-fmfp was published for ibm_db (npm) Sep 3, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
gwynnarth
Cross-Site Scripting in google-closure-library Moderate
GHSA-r9q4-w3fm-wrm2 was published for google-closure-library (npm) Sep 2, 2020
Directory Traversal in nhouston Moderate
CVE-2014-8883 was published for nhouston (npm) Aug 31, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database