Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Potential SQL Injection in sequelize High
CVE-2016-10553 was published for sequelize (npm) Feb 18, 2019
Downloads Resources over HTTP in webdriver-launcher High
CVE-2016-10651 was published for webdriver-launcher (npm) Feb 18, 2019
Downloads Resources over HTTP in haxe3 High
CVE-2016-10688 was published for haxe3 (npm) Aug 17, 2018
Path Traversal in http-live-simulator High
CVE-2019-5423 was published for http-live-simulator (npm) Apr 8, 2019
Authentication Weakness in keystone High
CVE-2015-9240 was published for keystone (npm) Jun 7, 2018
Downloads Resources over HTTP in windows-seleniumjar-mirror High
CVE-2016-10670 was published for windows-seleniumjar-mirror (npm) Feb 18, 2019
DoS due to excessively large websocket message in ws High
CVE-2016-10542 was published for ws (npm) Feb 18, 2019
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
Downloads Resources over HTTP in fibjs High
CVE-2016-10621 was published for fibjs (npm) Feb 18, 2019
Downloads Resources over HTTP in httpsync High
CVE-2016-10614 was published for httpsync (npm) Feb 18, 2019
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Downloads Resources over HTTP in tomita-parser High
CVE-2016-10666 was published for tomita-parser (npm) Feb 18, 2019
Downloads Resources over HTTP in bionode-sra High
CVE-2016-10613 was published for bionode-sra (npm) Feb 18, 2019
Default Express middleware security check is ignored in production High
GHSA-4j6x-w426-6rc6 was published for @cubejs-backend/api-gateway (npm) Nov 8, 2019
Downloads Resources over HTTP in baryton-saxophone High
CVE-2016-10573 was published for baryton-saxophone (npm) Feb 18, 2019
Downloads Resources over HTTP in webrtc-native High
CVE-2016-10600 was published for webrtc-native (npm) Feb 18, 2019
Authentication Bypass in passport-azure-ad High
CVE-2016-7191 was published for passport-azure-ad (npm) Jul 26, 2018
Downloads Resources over HTTP in mongodb-instance High
CVE-2016-10572 was published for mongodb-instance (npm) Feb 18, 2019
Path Traversal in http-live-simulator High
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
Downloads Resources over HTTP in operadriver High
CVE-2016-10565 was published for operadriver (npm) Feb 18, 2019
Downloads Resources over HTTP in curses High
CVE-2016-10615 was published for curses (npm) Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver-zxa High
CVE-2016-10623 was published for macaca-chromedriver-zxa (npm) Feb 18, 2019
Downloads Resources over HTTP in box2d-native High
CVE-2016-10617 was published for box2d-native (npm) Feb 18, 2019
High severity vulnerability that affects qs High
GHSA-crvj-3gj9-gm2p was published for qs (npm) Oct 9, 2018 withdrawn
Denial-of-Service Extended Event Loop Blocking in qs High
CVE-2014-10064 was published for qs (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API