GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Cross-Site Scripting in yui Moderate
CVE-2013-4939 was published for yui (npm) Sep 1, 2020
Sandbox Breakout / Arbitrary Code Execution in sandbox Moderate
GHSA-fm4j-4xhm-xpwx was published for sandbox (npm) Sep 2, 2020
HTML Injection in marky-markdown Moderate
GHSA-pxmp-fwjc-4x7q was published for marky-markdown (npm) Sep 3, 2020
Local File Inclusion in domokeeper Moderate
GHSA-cr67-78jr-j94p was published for domokeeper (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-22q9-hqm5-mhmc was published for swagger-ui (npm) Sep 11, 2020
Prototype Pollution in mergify Moderate
GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
Path Traversal in public Moderate
GHSA-4vvp-x9h2-x2vf was published for public (npm) Sep 3, 2020
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Unintended Require in larvitbase-www Moderate
GHSA-88h9-fc6v-jcw7 was published for larvitbase-www (npm) Sep 3, 2020
Configuration Override in helmet-csp Moderate
GHSA-c3m8-x3cg-qm2c was published for helmet-csp (npm) Sep 3, 2020
Denial of Service in ecstatic Moderate
CVE-2019-10775 was published for ecstatic (npm) Dec 15, 2020
ReDOS vulnerabilities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
Prototype Pollution in systeminformation Moderate
CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
Potential XSS in jQuery dependency in Mirador Moderate
GHSA-hgwm-pv9h-q5m7 was published for mirador (npm) Sep 18, 2020
Cross-Site Scripting in mavon-editor Moderate
GHSA-jfcc-rm7f-xgf8 was published for mavon-editor (npm) Sep 3, 2020
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
Outdated Static Dependency in vue-moment Moderate
GHSA-hrpp-f84w-xhfg was published for vue-moment (npm) Sep 4, 2020
Out-of-Bounds read in stringstream Moderate
GHSA-qpw2-xchm-655q was published for stringstream (npm) Jan 6, 2022 withdrawn
Code Injection in mquery Moderate
CVE-2020-35149 was published for mquery (npm) Dec 18, 2020
OS Command Injection in node-notifier Moderate
CVE-2020-7789 was published for node-notifier (npm) Dec 21, 2020
Verification flaw in Solid identity-token-verifier Moderate
GHSA-xmh9-rg6f-j3mr was published for @solid/identity-token-verifier (npm) Mar 12, 2021
File upload local preview can run embedded scripts after user interaction Moderate
GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm) May 17, 2021
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
GHSA-5vm8-hhgr-jcjp was published for tinymce (npm) May 28, 2021
Member account takeover Moderate
GHSA-65p7-pjj8-ggmr was published for ghost (npm) Sep 23, 2021