GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

Cross-Site Scripting in semantic-ui-search High
GHSA-p9vv-3945-x93h was published for semantic-ui-search (npm) Sep 2, 2020
Sensitive Data Exposure in rails-session-decoder High
GHSA-44vf-8ffm-v2qh was published for rails-session-decoder (npm) Sep 2, 2020
Command Injection in cocos-utils High
GHSA-rffp-mc78-wjf7 was published for cocos-utils (npm) Sep 2, 2020
Arbitrary JavaScript Execution in typed-function High
CVE-2017-1001004 was published for typed-function (npm) Sep 2, 2020
Remote Code Execution in pi_video_recording High
GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) Sep 2, 2020
Cross-Site Scripting in react-marked-markdown High
GHSA-m7qm-r2r5-f77q was published for react-marked-markdown (npm) Sep 1, 2020
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Cross-Site Scripting in mrk.js High
GHSA-hpr5-wp7c-hh5q was published for mrk.js (npm) Sep 1, 2020
Denial of Service in mqtt High
CVE-2016-1000242 was published for mqtt (npm) Sep 1, 2020
Denial of Service in uws High
CVE-2016-10544 was published for uws (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
Denial of Service in yar High
CVE-2014-4179 was published for yar (npm) Sep 1, 2020
Forgeable Public/Private Tokens in jws High
CVE-2016-1000223 was published for jws (npm) Sep 1, 2020
Directory Traversal in st High
CVE-2014-3744 was published for st (npm) Aug 31, 2020
Context isolation bypass via leaked cross-context objects in Electron High
CVE-2020-4076 was published for electron (npm) Jul 7, 2020
Authorization header is not sanitized in an error object in auth0 High
CVE-2020-15125 was published for auth0 (npm) Jul 29, 2020
Command Injection in git-tags-remote High
GHSA-gm9x-q798-hmr4 was published for git-tags-remote (npm) Jul 29, 2020
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
Cross-Site Scripting in node-red High
GHSA-5g6j-8hv4-vfgj was published for node-red (npm) Sep 11, 2020
Path Traversal in bruteser High
GHSA-v7cp-5326-54fh was published for bruteser (npm) Sep 3, 2020
Downloads Resources over HTTP in broccoli-closure High
CVE-2016-10635 was published for broccoli-closure (npm) Feb 18, 2019
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
Downloads Resources over HTTP in aerospike High
CVE-2016-10558 was published for aerospike (npm) Feb 18, 2019
Downloads Resources over HTTP in js-given High
CVE-2016-10638 was published for js-given (npm) Feb 18, 2019
Sandbox Breakout / Arbitrary Code Execution in static-eval High
GHSA-x9hc-rw35-f44h was published for static-eval (npm) Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API