Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,096 advisories

Loading
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Directory Traversal in augustine Moderate
CVE-2017-0930 was published for augustine (npm) Sep 18, 2018
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Cross-Site Scripting in exceljs Moderate
CVE-2018-16459 was published for exceljs (npm) Sep 11, 2018
Pandao editor.md vulnerable to XSS in IMG attributes Moderate
CVE-2018-16330 was published for editor.md (npm) Sep 6, 2018
Directory Traversal in easyquick Moderate
CVE-2017-16109 was published for easyquick (npm) Aug 29, 2018
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting Moderate
CVE-2018-3773 was published for metascraper (npm) Aug 8, 2018
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
Directory Traversal in elding Moderate
CVE-2017-16222 was published for elding (npm) Aug 6, 2018
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
Moderate severity vulnerability that affects is-my-json-valid Moderate
GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) Jul 31, 2018 withdrawn
Directory Traversal in serve Moderate
CVE-2018-3712 was published for serve (npm) Jul 27, 2018
tdunlap607
Arbitrary File Write in adm-zip Moderate
CVE-2018-1002204 was published for adm-zip (npm) Jul 27, 2018
Arbitrary File Write via Archive Extraction in unzipper Moderate
CVE-2018-1002203 was published for unzipper (npm) Jul 27, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database