Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
ReDoS via long string of semicolons in tough-cookie Moderate
CVE-2016-1000232 was published for tough-cookie (npm) Oct 10, 2018
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018
No Charset in Content-Type Header in express Moderate
CVE-2014-6393 was published for express (npm) Oct 23, 2018
Command Injection in libnmap Moderate
CVE-2018-16461 was published for libnmap (npm) Nov 1, 2018
Stored Cross-Site Scripting in tianma-static Moderate
CVE-2018-16474 was published for tianma-static (npm) Nov 6, 2018
Path Traversal in takeapeek Moderate
CVE-2018-16473 was published for takeapeek (npm) Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Pandao editor.md vulnerable to DOM XSS Moderate
CVE-2018-19056 was published for editor.md (npm) Nov 9, 2018
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Tmp files readable by other users in sync-exec Moderate
CVE-2017-16024 was published for sync-exec (npm) Nov 9, 2018
Cross-Site Scripting (XSS) in restify Moderate
CVE-2017-16018 was published for restify (npm) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16017 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting in forms Moderate
CVE-2017-16015 was published for forms (npm) Nov 9, 2018
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Cross-Site Scripting in i18next Moderate
CVE-2017-16008 was published for i18next (npm) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16016 was published for sanitize-html (npm) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Cross-Site Scripting in html-janitor Moderate
CVE-2017-0931 was published for html-janitor (npm) Nov 9, 2018
Valine HTML Injection Moderate
CVE-2018-19289 was published for valine (npm) Nov 21, 2018
Ckeditor XSS Vulnerability Moderate
CVE-2018-17960 was published for ckeditor (Composer) Nov 21, 2018
ProTip! Advisories are also available from the GraphQL API