GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,098 advisories
Filter by severity
Moderate severity vulnerability that affects moment
Moderate
GHSA-hxf5-mg84-pj4m
was published
for
moment
(npm)
Jul 31, 2018
•
withdrawn
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting
Moderate
CVE-2018-3773
was published
for
metascraper
(npm)
Aug 8, 2018
superagent vulnerable to zip bomb attacks
Moderate
CVE-2017-16129
was published
for
superagent
(npm)
Aug 9, 2018
Hijacked Environment Variables in proxy.js
Moderate
CVE-2017-16076
was published
for
proxy.js
(npm)
Aug 29, 2018
Directory Traversal in easyquick
Moderate
CVE-2017-16109
was published
for
easyquick
(npm)
Aug 29, 2018
Pandao editor.md vulnerable to XSS in IMG attributes
Moderate
CVE-2018-16330
was published
for
editor.md
(npm)
Sep 6, 2018
Cross-Site Scripting in exceljs
Moderate
CVE-2018-16459
was published
for
exceljs
(npm)
Sep 11, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Directory Traversal in augustine
Moderate
CVE-2017-0930
was published
for
augustine
(npm)
Sep 18, 2018
Cross-Site Scripting in sexstatic
Moderate
CVE-2018-3755
was published
for
sexstatic
(npm)
Oct 1, 2018
Denial of Service in protobufjs
Moderate
CVE-2018-3738
was published
for
protobufjs
(npm)
Oct 9, 2018
Moderate severity vulnerability that affects send
Moderate
GHSA-pgv6-jrvv-75jp
was published
for
send
(npm)
Oct 9, 2018
•
withdrawn
Moderate severity vulnerability that affects mustache
Moderate
GHSA-3233-rgx3-c2wh
was published
for
mustache
(npm)
Oct 9, 2018
•
withdrawn
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
ProTip!
Advisories are also available from the
GraphQL API