GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,510 advisories
Filter by severity
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Cross-Site Scripting in marked
Moderate
GHSA-8wp3-cp9v-44fm
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Denial of Service in url-relative
Moderate
GHSA-86p3-4gfq-38f2
was published
for
url-relative
(npm)
Jun 5, 2019
Cross-Site Scripting (XSS) in cloudcmd
High
GHSA-m8fw-534v-xm85
was published
for
cloudcmd
(npm)
Jun 4, 2019
Path Traversal in statics-server
Moderate
GHSA-74cp-qw7f-7hpw
was published
for
statics-server
(npm)
Jun 5, 2019
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even...
Moderate
GHSA-32vw-r77c-gm67
was published
for
marked
(npm)
Aug 3, 2020
•
withdrawn
Regular Expression Denial of Service in highcharts
Moderate
GHSA-m45f-4828-5cv5
was published
for
highcharts
(npm)
Aug 19, 2020
•
withdrawn
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Denial of Service in https-proxy-agent
High
GHSA-qrg3-f6h6-vq8q
was published
for
https-proxy-agent
(npm)
Aug 19, 2020
•
withdrawn
Sensitive Data Exposure in sequelize-cli
Low
GHSA-3xc7-xg67-pw99
was published
for
sequelize-cli
(npm)
Jun 5, 2019
Remote Memory Exposure in floody
Moderate
GHSA-3p92-886g-qxpq
was published
for
floody
(npm)
Jun 4, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Moderate
GHSA-69p9-9qm9-h447
was published
for
safer-eval
(npm)
Aug 19, 2020
•
withdrawn
Content injection in marked
Moderate
GHSA-wjmf-58vc-xqjr
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Regular Expression Denial of Service in braces
Low
GHSA-g95f-p29q-9xw4
was published
for
braces
(npm)
Jun 6, 2019
Open Redirect in ecstatic
Moderate
GHSA-x4rf-4mqf-cm8w
was published
for
ecstatic
(npm)
Aug 19, 2020
•
withdrawn
Command Injection in wiki-plugin-datalog
High
GHSA-pm52-wwrw-c282
was published
for
wiki-plugin-datalog
(npm)
Jun 13, 2019
Out-of-bounds Read in npmconf
Moderate
GHSA-57cf-349j-352g
was published
for
npmconf
(npm)
Jun 12, 2019
Path Traversal in serve-here.js
High
GHSA-g8m7-qhv7-9h5x
was published
for
serve-here
(npm)
Jul 5, 2019
Rate Limiting Bypass in express-brute
Moderate
GHSA-984p-xq9m-4rjw
was published
for
express-brute
(npm)
Jun 7, 2019
Reverse Tabnapping in swagger-ui
Moderate
GHSA-x9p2-fxq6-2m5f
was published
for
swagger-ui
(npm)
Jun 20, 2019
Remote Code Execution in node-os-utils
High
GHSA-j9f8-8h89-j69x
was published
for
node-os-utils
(npm)
Jun 11, 2019
ProTip!
Advisories are also available from the
GraphQL API