Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,510 advisories

Loading
Command Injection in macaddress High
GHSA-q9r2-f3vc-rjg8 was published for macaddress (npm) Aug 19, 2020 withdrawn
Path Traversal in localhost-now High
GHSA-73cw-jxmm-qpgh was published for localhost-now (npm) Jun 11, 2019
Regular Expression Denial of Service in is-my-json-valid Low
GHSA-4x7c-cx64-49w8 was published for is-my-json-valid (npm) Aug 19, 2020 withdrawn
Cross-Site Scripting in ids-enterprise High
GHSA-hpfq-8wx8-cgqw was published for ids-enterprise (npm) Jun 13, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-49r3-3h96-rwj6 was published for ids-enterprise (npm) Jun 13, 2019
Remote code execution in Handlebars.js Moderate
GHSA-6r5x-hmgg-7h53 was published for handlebars (npm) Jul 15, 2019 withdrawn
Regular Expression Denial of Service Moderate
GHSA-jcgq-xh2f-2hfm was published for eslint (npm) Feb 25, 2021 withdrawn
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople Critical
GHSA-4vmm-mhcq-4x9j was published for constantinople (npm) Jun 14, 2019
Denial of Service in protobufjs Moderate
GHSA-4gpv-cvmq-6526 was published for protobufjs (npm) Aug 19, 2020 withdrawn
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Privilege Escalation in express-cart Critical
GHSA-3fc5-9x9m-vqc4 was published for express-cart (npm) Jun 3, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (npm) Jul 19, 2019
mitchell-codecov
Insecure Default Configuration in tesseract.js Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
NoSQL Injection in loopback-connector-mongodb High
GHSA-m734-r4g6-34f9 was published for loopback-connector-mongodb (npm) Jun 4, 2019
Denial of Service in js-yaml Moderate
GHSA-2pr6-76vf-7546 was published for js-yaml (npm) Jun 5, 2019
Command Injection in opencv Low
GHSA-f698-m2v9-5fh3 was published for opencv (npm) Jun 4, 2019
HTML tag injection Moderate
GHSA-9vhv-p9r7-rm53 was published for serve-handler (npm) Feb 23, 2021 withdrawn
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
Prototype Pollution in @apollo/gateway High
GHSA-74cr-77xc-8g6r was published for @apollo/gateway (npm) Jun 13, 2019
Prototype Pollution in upmerge Moderate
GHSA-gm9g-2g8v-fvxj was published for upmerge (npm) Jun 6, 2019
Prototype Pollution in lutils-merge Moderate
GHSA-f7qw-5pvg-mmwp was published for lutils-merge (npm) Jun 13, 2019
Regular Expression Denial of Service Moderate
GHSA-qx4v-6gc5-f2vv was published for esm (npm) Jun 20, 2019
Directory Traversal in lactate High
GHSA-68gr-cmcp-g3mj was published for lactate (npm) Jun 14, 2019
Regular Expression Denial of Service in underscore.string Moderate
GHSA-v2p6-4mp7-3r9v was published for underscore.string (npm) Jun 14, 2019
ProTip! Advisories are also available from the GraphQL API