GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,610 advisories

Denial of Service in mqtt High
CVE-2016-1000242 was published for mqtt (npm) Sep 1, 2020
Cross-Site Scripting (XSS) in pivottable High
CVE-2016-1000241 was published for pivottable (npm) Sep 1, 2020
fuelux vulnerable to Cross-Site Scripting in Pillbox feature High
CVE-2016-1000235 was published for fuelux (npm) Sep 1, 2020
Cross-Site Scripting in swagger-ui High
CVE-2016-1000233 was published for swagger-ui (npm) Sep 1, 2020
tdunlap607
Cross-Site Scripting in jqtree High
CVE-2016-1000234 was published for jqtree (npm) Sep 1, 2020
Cross-Site Scripting in emojione High
CVE-2016-1000231 was published for emojione (npm) Sep 1, 2020
tdunlap607
XSS in client rendered block templates in rendr High
CVE-2016-1000230 was published for rendr (npm) Sep 1, 2020
DOM-based XSS in gmail-js High
CVE-2016-1000228 was published for gmail-js (npm) Sep 1, 2020
Cross-Site Scripting in bootstrap-tagsinput High
CVE-2016-1000227 was published for bootstrap-tagsinput (npm) Sep 1, 2020
Forgeable Public/Private Tokens in jws High
CVE-2016-1000223 was published for jws (npm) Sep 1, 2020
Regular Expression Denial of Service in ansi2html High
CVE-2015-9239 was published for ansi2html (npm) Sep 1, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Regular Expression Denial of Service in validator High
CVE-2014-8882 was published for validator (npm) Aug 31, 2020
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Content Injection in remarkable High
CVE-2014-10065 was published for remarkable (npm) Aug 31, 2020
tdunlap607
LDAP Injection in ldapauth High
CVE-2015-7294 was published for ldapauth (npm) Aug 31, 2020
Directory Traversal in fancy-server High
CVE-2014-10066 was published for fancy-server (npm) Aug 31, 2020
Unauthenticated Remote Command Injection in ep_imageconvert High
CVE-2013-3364 was published for ep_imageconvert (npm) Aug 31, 2020
DataTable Vulnerable to Cross-Site Scripting High
CVE-2015-6584 was published for datatables (Composer) Aug 31, 2020
Cross-Site Scripting in highcharts High
GHSA-gr4j-r575-g665 was published for highcharts (npm) Aug 25, 2020
Windforce17
Command Injection in macaddress High
GHSA-q9r2-f3vc-rjg8 was published for macaddress (npm) Aug 19, 2020 withdrawn
Denial of Service in https-proxy-agent High
GHSA-qrg3-f6h6-vq8q was published for https-proxy-agent (npm) Aug 19, 2020 withdrawn
SQL Injection in waterline-sequel High
GHSA-mpcx-8qqw-rmcq was published for waterline-sequel (npm) Aug 19, 2020 withdrawn
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8205 was published for @uppy/companion (npm) Aug 13, 2020
Cross-Site Scripting in @progress/kendo-angular-editor High
GHSA-j7wp-vjj6-cp5m was published for @progress/kendo-angular-editor (npm) Aug 11, 2020