Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Downloads Resources over HTTP in selenium-standalone-painful High
CVE-2016-10679 was published for selenium-standalone-painful (npm) Feb 18, 2019
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
Path Traversal in simplehttpserver High
CVE-2018-16493 was published for static-resource-server (npm) Feb 7, 2019
Downloads Resources over HTTP in cmake High
CVE-2016-10642 was published for cmake (npm) Aug 15, 2018
Downloads Resources over HTTP in grunt-webdriver-qunit High
CVE-2016-10606 was published for grunt-webdriver-qunit (npm) Feb 18, 2019
Downloads Resources over HTTP in bkjs-wand High
CVE-2016-10571 was published for bkjs-wand (npm) Feb 18, 2019
Downloads Resources over HTTP in google-closure-tools-latest High
CVE-2016-10677 was published for google-closure-tools-latest (npm) Feb 18, 2019
Downloads Resources over HTTP in selenium-portal High
CVE-2016-10667 was published for selenium-portal (npm) Feb 18, 2019
Downloads Resources over HTTP in mystem3 High
CVE-2016-10626 was published for mystem3 (npm) Feb 18, 2019
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Path Traversal in total.js High
CVE-2019-8903 was published for total.js (npm) Feb 20, 2019
Downloads Resources over HTTP in scala-bin High
CVE-2016-10627 was published for scala-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in ntfserver High
CVE-2016-10650 was published for ntfserver (npm) Feb 18, 2019
Downloads Resources over HTTP in massif High
CVE-2016-10682 was published for massif (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API