GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,598 advisories
Prototype Pollution in chartkick
High. CVE-2019-18841 was published for chartkick (RubyGems), Dec 2, 2019

gatsby-transformer-remark has possible unsanitized JavaScript code injection
High. CVE-2023-22491 was published for gatsby-transformer-remark (npm), Jan 11, 2023

generator-jhipster vulnerable to login check Regular Expression Denial of Service
High. GHSA-8w7w-67mw-r5p7 was published for generator-jhipster (npm), Oct 6, 2022

Sails before 0.12.7 vulnerable to Broken CORS
High. CVE-2016-10549 was published for sails (npm), Feb 18, 2019

xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High. GHSA-c27r-x354-4m68 was published for xml-crypto (npm), Oct 27, 2020

steroids downloads resources over HTTP
High. CVE-2016-10581 was published for steroids (npm), Feb 18, 2019

Electron webPreferences vulnerability can be used to perform remote code execution
High. CVE-2018-15685 was published for electron (npm), Aug 23, 2018

selenium-binaries downloads resources over HTTP
High. CVE-2016-10589 was published for selenium-binaries (npm), Feb 18, 2019

fuelux vulnerable to Cross-Site Scripting in Pillbox feature
High. CVE-2016-1000235 was published for fuelux (npm), Sep 1, 2020

Removal of functional code in faker.js
High. GHSA-5w9c-rv96-fr7g was published for faker (npm), Mar 22, 2022

Server-Side Request Forgery in html-pdf-chrome
High. GHSA-5p98-wpc9-g498 was published for html-pdf-chrome (npm), Sep 4, 2020

SQL Injection in connect-pg-simple
High. CVE-2019-15658 was published for connect-pg-simple (npm), Aug 26, 2019

Execution with Unnecessary Privileges in arc-electron
High. GHSA-v3wr-67px-44xg was published for @advanced-rest-client/base (npm), Mar 3, 2022

Infinite loop causing Denial of Service in colors
High. GHSA-5rqg-jm4f-cqx7 was published for Colors (npm), Jan 10, 2022

RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
High. GHSA-2g8g-63j4-9w3r was published for @backstage/plugin-scaffolder-backend (npm), Dec 1, 2021

Insufficient Session Expiration in @cyyynthia/tokenize
High. GHSA-jcjx-c3j3-44pr was published for @cyyynthia/tokenize (npm), Nov 10, 2021

Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)
High. GHSA-qm7x-rc44-rrqw was published for apollo-server (npm), Nov 8, 2021

Arbitrary Code Execution in json-ptr
High. GHSA-rrqv-vjrw-hrcr was published for json-ptr (npm), May 26, 2021

Improperly Controlled Modification of Object Prototype Attributes
High. GHSA-6cj2-92m5-7mvp was published for think-config (npm), Aug 3, 2021

Arbitrary code execution in ExifTool
High. GHSA-4whq-r978-2x68 was published for exiftool-vendored (npm), May 4, 2021

Vulnerability allowing for reading internal HTTP resources
High. GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm), Mar 12, 2021

ProTip! Advisories are also available from the GraphQL API