Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,510 advisories

Loading
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Cross-Site Scripting in marked Moderate
GHSA-8wp3-cp9v-44fm was published for marked (npm) Feb 25, 2021 withdrawn
Denial of Service in url-relative Moderate
GHSA-86p3-4gfq-38f2 was published for url-relative (npm) Jun 5, 2019
Cross-Site Scripting (XSS) in cloudcmd High
GHSA-m8fw-534v-xm85 was published for cloudcmd (npm) Jun 4, 2019
Path Traversal in statics-server Moderate
GHSA-74cp-qw7f-7hpw was published for statics-server (npm) Jun 5, 2019
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even... Moderate
GHSA-32vw-r77c-gm67 was published for marked (npm) Aug 3, 2020 withdrawn
Regular Expression Denial of Service in highcharts Moderate
GHSA-m45f-4828-5cv5 was published for highcharts (npm) Aug 19, 2020 withdrawn
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Denial of Service in https-proxy-agent High
GHSA-qrg3-f6h6-vq8q was published for https-proxy-agent (npm) Aug 19, 2020 withdrawn
Sensitive Data Exposure in sequelize-cli Low
GHSA-3xc7-xg67-pw99 was published for sequelize-cli (npm) Jun 5, 2019
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Moderate
GHSA-69p9-9qm9-h447 was published for safer-eval (npm) Aug 19, 2020 withdrawn
Content injection in marked Moderate
GHSA-wjmf-58vc-xqjr was published for marked (npm) Feb 25, 2021 withdrawn
Regular Expression Denial of Service in braces Low
GHSA-g95f-p29q-9xw4 was published for braces (npm) Jun 6, 2019
Open Redirect in ecstatic Moderate
GHSA-x4rf-4mqf-cm8w was published for ecstatic (npm) Aug 19, 2020 withdrawn
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Out-of-bounds Read in npmconf Moderate
GHSA-57cf-349j-352g was published for npmconf (npm) Jun 12, 2019
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
Out-of-bounds Read in byte Moderate
GHSA-xm7f-x4wx-wmgv was published for byte (npm) Jun 4, 2019
Command Injection in dot Moderate
GHSA-4859-gpc7-4j66 was published for dot (npm) Jun 5, 2019
Rate Limiting Bypass in express-brute Moderate
GHSA-984p-xq9m-4rjw was published for express-brute (npm) Jun 7, 2019
Reverse Tabnapping in swagger-ui Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Denial of Service High
GHSA-j95h-wmx9-4279 was published for sails (npm) Feb 25, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API