GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,438 advisories
Directory Traversal in lactate
High • GHSA-68gr-cmcp-g3mj was published for lactate (npm) • Jun 14, 2019

Cross-Site Scripting (XSS) in cloudcmd
High • GHSA-m8fw-534v-xm85 was published for cloudcmd (npm) • Jun 4, 2019

Denial of Service in https-proxy-agent
High • GHSA-qrg3-f6h6-vq8q was published for https-proxy-agent (npm) • Aug 19, 2020 • withdrawn

Command Injection in wiki-plugin-datalog
High • GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) • Jun 13, 2019

Path Traversal in serve-here.js
High • GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) • Jul 5, 2019

Remote Code Execution in node-os-utils
High • GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) • Jun 11, 2019

Cross-Site Scripting in ids-enterprise
High • GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) • Jun 13, 2019

Remote Code Execution in Angular Expressions
High • CVE-2020-5219 was published for angular-expressions (npm) • Jan 24, 2020

Path Traversal in algo-httpserv
High • GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) • Sep 11, 2019

Improper Key Verification in openpgp
High • CVE-2019-9154 was published for openpgp (npm) • Aug 23, 2019

Arbitrary File Write in iobroker.js-controller
High • CVE-2019-10767 was published for iobroker.js-controller (npm) • Dec 2, 2019

Regular Expression Denial of Service in Acorn
High • GHSA-6chw-6frg-f759 was published for acorn (npm) • Apr 3, 2020

Insecure Entropy Source - Math.random() in node-uuid
High • CVE-2015-8851 was published for node-uuid (npm) • Apr 16, 2020

Incorrect Account Used for Signing
High • GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) • Mar 24, 2020

discord-html not escaping HTML code blocks when lacking a language identifier
High • GHSA-9r27-994c-4xch was published for discord-markdown (npm) • Feb 24, 2020

Downloads Resources over HTTP in rs-brightcove
High • CVE-2016-10676 was published for rs-brightcove (npm) • Feb 18, 2019

codecov NPM module allows remote attackers to execute arbitrary commands
High • CVE-2020-7597 was published for codecov (npm) • Feb 19, 2020

Reflected XSS in GraphQL Playground
High • CVE-2020-4038 was published for graphql-playground-html (npm) • Jun 9, 2020

Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
High • GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) • Mar 6, 2020

ProTip! Advisories are also available from the GraphQL API.