Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,090 advisories

Loading
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
Out-of-bounds Read in npmconf Moderate
GHSA-57cf-349j-352g was published for npmconf (npm) Jun 12, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Moderate
GHSA-69p9-9qm9-h447 was published for safer-eval (npm) Aug 19, 2020 withdrawn
Content injection in marked Moderate
GHSA-wjmf-58vc-xqjr was published for marked (npm) Feb 25, 2021 withdrawn
Regular Expression Denial of Service in braces Low
GHSA-g95f-p29q-9xw4 was published for braces (npm) Jun 6, 2019
Open Redirect in ecstatic Moderate
GHSA-x4rf-4mqf-cm8w was published for ecstatic (npm) Aug 19, 2020 withdrawn
Timing attack Low
GHSA-xm8r-5wh6-f46f was published for autobahn (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Command Injection in dot Moderate
GHSA-4859-gpc7-4j66 was published for dot (npm) Jun 5, 2019
Rate Limiting Bypass in express-brute Moderate
GHSA-984p-xq9m-4rjw was published for express-brute (npm) Jun 7, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Reverse Tabnapping in swagger-ui Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Out-of-bounds Read in byte Moderate
GHSA-xm7f-x4wx-wmgv was published for byte (npm) Jun 4, 2019
Denial of Service High
GHSA-j95h-wmx9-4279 was published for sails (npm) Feb 25, 2021 withdrawn
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) Jun 13, 2019
Denial of Service in mem Moderate
GHSA-4xcv-9jjx-gfj3 was published for mem (npm) Jul 5, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Cross-Site Scripting in @nuxt/devalue Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
Cross-Site Scripting in cyberchef Moderate
CVE-2019-15532 was published for cyberchef (npm) Aug 27, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Cross-Site Scripting in dojo Moderate
CVE-2010-2273 was published for dojo (npm) Sep 11, 2019
Cross-Site Scripting in keystone Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) Aug 20, 2020 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database