GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,610 advisories

Insecure serialization leading to RCE in serialize-javascript High
CVE-2020-7660 was published for serialize-javascript (npm) Aug 11, 2020
Cross-Site Scripting in Prism High
CVE-2020-15138 was published for prismjs (npm) Aug 7, 2020
masatokinugawa
Withdrawn High
GHSA-wx84-69jh-jjp2 was published for sshpk (npm) Aug 3, 2020 withdrawn
Withdrawn High
GHSA-p56r-jr4p-4wgh was published for whereis (npm) Aug 3, 2020 withdrawn
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Signature Malleability in elliptic High
CVE-2020-13822 was published for elliptic (npm) Jul 29, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7686 was published for rollup-plugin-server (npm) Jul 29, 2020
Directory traversal in rollup-plugin-server High
CVE-2020-7683 was published for rollup-plugin-server (npm) Jul 29, 2020
Authorization header is not sanitized in an error object in auth0 High
CVE-2020-15125 was published for auth0 (npm) Jul 29, 2020
osdiab
Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Directory traversal in fast-http High
CVE-2020-7687 was published for fast-http (npm) Jul 27, 2020
Improper Input Validation in sails-hook-sockets High
CVE-2018-21036 was published for sails-hook-sockets (npm) Jul 24, 2020
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek G-Rath
Stored XSS in TimelineJS3 High
CVE-2020-15092 was published for @knight-lab/timelinejs (npm) Jul 9, 2020
captainGeech42 JoeGermuska
Path Traversal in socket.io-file High
CVE-2020-15779 was published for socket.io-file (npm) Jul 7, 2020
Context isolation bypass via contextBridge in Electron High
CVE-2020-4077 was published for electron (npm) Jul 7, 2020
Context isolation bypass via leaked cross-context objects in Electron High
CVE-2020-4076 was published for electron (npm) Jul 7, 2020
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
Regular expression denial of service in url-regex High
CVE-2020-7661 was published for url-regex (npm) Jun 22, 2020
Command injection in mversion High
CVE-2020-4059 was published for mversion (npm) Jun 18, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
Information Exposure in Snyk Broker High
CVE-2020-7654 was published for snyk-broker (npm) Jun 3, 2020