GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,096 advisories
Filter by severity
Cross-Site Scripting in sexstatic
Moderate
CVE-2018-3755
was published
for
sexstatic
(npm)
Oct 1, 2018
Directory Traversal in augustine
Moderate
CVE-2017-0930
was published
for
augustine
(npm)
Sep 18, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Cross-Site Scripting in exceljs
Moderate
CVE-2018-16459
was published
for
exceljs
(npm)
Sep 11, 2018
Pandao editor.md vulnerable to XSS in IMG attributes
Moderate
CVE-2018-16330
was published
for
editor.md
(npm)
Sep 6, 2018
Directory Traversal in easyquick
Moderate
CVE-2017-16109
was published
for
easyquick
(npm)
Aug 29, 2018
Hijacked Environment Variables in proxy.js
Moderate
CVE-2017-16076
was published
for
proxy.js
(npm)
Aug 29, 2018
superagent vulnerable to zip bomb attacks
Moderate
CVE-2017-16129
was published
for
superagent
(npm)
Aug 9, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting
Moderate
CVE-2018-3773
was published
for
metascraper
(npm)
Aug 8, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
Moderate severity vulnerability that affects moment
Moderate
GHSA-hxf5-mg84-pj4m
was published
for
moment
(npm)
Jul 31, 2018
•
withdrawn
Moderate severity vulnerability that affects is-my-json-valid
Moderate
GHSA-ccq6-3qx5-vmqx
was published
for
is-my-json-valid
(npm)
Jul 31, 2018
•
withdrawn
Arbitrary File Write in adm-zip
Moderate
CVE-2018-1002204
was published
for
adm-zip
(npm)
Jul 27, 2018
Arbitrary File Write via Archive Extraction in unzipper
Moderate
CVE-2018-1002203
was published
for
unzipper
(npm)
Jul 27, 2018
ProTip!
Advisories are also available from the
GraphQL API