Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,098 advisories

Loading
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Moderate
GHSA-7fhm-mqm4-2wp7 was published for acorn (npm) Mar 13, 2020 withdrawn
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Regular Expression Denial of Service in ssri Moderate
CVE-2018-7651 was published for ssri (npm) Mar 7, 2018
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
Moderate severity vulnerability that affects total.js Moderate
CVE-2019-10260 was published for total.js (npm) Apr 2, 2019
Cross-Site Scripting in keystone Moderate
CVE-2017-15881 was published for keystone (npm) Nov 16, 2017
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database