Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,598 advisories

Loading
Directory Traversal in hostr High
CVE-2017-16029 was published for hostr (npm) Nov 9, 2018
gruntcli is malware High
CVE-2017-16058 was published for gruntcli (npm) Nov 9, 2018
mssql-node is malware High
CVE-2017-16059 was published for mssql-node (npm) Nov 9, 2018
mssql.js is malware High
CVE-2017-16056 was published for mssql.js (npm) Nov 9, 2018
nodemssql is malware High
CVE-2017-16057 was published for nodemssql (npm) Nov 9, 2018
Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
Path Traversal in knightjs High
CVE-2018-16475 was published for knightjs (npm) Nov 6, 2018
node-tkinter is malware High
CVE-2017-16062 was published for node-tkinter (npm) Nov 1, 2018
tkinter is malware High
CVE-2017-16061 was published for tkinter (npm) Nov 1, 2018
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
mongose is malware High
CVE-2017-16077 was published for mongose (npm) Oct 10, 2018
node-openssl is malware High
CVE-2017-16064 was published for node-openssl (npm) Oct 10, 2018
Denial of Service via malformed accept-encoding header in hapi High
CVE-2017-16013 was published for hapi (npm) Oct 9, 2018
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
Regular Expression Denial of Service in minimatch High
CVE-2016-10540 was published for minimatch (npm) Oct 9, 2018
High severity vulnerability that affects uglify-js High
GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) Oct 9, 2018 withdrawn
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
node-opensl is malware High
CVE-2017-16063 was published for node-opensl (npm) Oct 3, 2018
Downloads Resources over HTTP in node-bsdiff-android High
CVE-2016-10641 was published for node-bsdiff-android (npm) Sep 18, 2018
apk-parser2 downloads Resources over HTTP High
CVE-2016-10632 was published for apk-parser2 (npm) Sep 18, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database