Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,596 advisories

Loading
windows-build-tools downloads Resources over HTTP High
CVE-2017-16003 was published for windows-build-tools (npm) Nov 9, 2018
sqlserver is malware High
CVE-2017-16055 was published for sqlserver (npm) Nov 9, 2018
Header Forgery in http-signature High
CVE-2017-16005 was published for http-signature (npm) Nov 9, 2018
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
react-dev-utils on Windows vulnerable to Remote Code Execution High
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
rendertron LFI vulnerability High
CVE-2017-18354 was published for rendertron (npm) Jan 4, 2019
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
Path Traversal in http-live-simulator High
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
mcstatic directory traversal vulnerability High
CVE-2018-16482 was published for mcstatic (npm) Feb 7, 2019
Authentication Bypass by Spoofing in express-cart High
CVE-2018-16483 was published for express-cart (npm) Feb 7, 2019
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath
Prototype Pollution in mpath High
CVE-2018-16490 was published for mpath (npm) Feb 7, 2019
Path Traversal in simplehttpserver High
CVE-2018-16493 was published for static-resource-server (npm) Feb 7, 2019
Path Traversal in cordova-plugin-ionic-webview High
CVE-2018-16202 was published for cordova-plugin-ionic-webview (npm) Feb 12, 2019
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
chromedriver126 downloads Resources over HTTP High
CVE-2016-10609 was published for chromedriver126 (npm) Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer High
CVE-2016-10607 was published for openframe-glslviewer (npm) Feb 18, 2019
Downloads Resources over HTTP in air-sdk High
CVE-2016-10603 was published for air-sdk (npm) Feb 18, 2019
Downloads Resources over HTTP in webdrvr High
CVE-2016-10601 was published for webdrvr (npm) Feb 18, 2019
sauce-connect downloads Resources over HTTP High
CVE-2016-10599 was published for sauce-connect (npm) Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli High
CVE-2016-10597 was published for cobalt-cli (npm) Feb 18, 2019
jdf-sass downloads Resources over HTTP High
CVE-2016-10595 was published for jdf-sass (npm) Feb 18, 2019
ibapi downloads Resources over HTTP High
CVE-2016-10593 was published for ibapi (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database