Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,510 advisories

Loading
Cross-Site Scripting in ids-enterprise High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) Jun 13, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
Denial of Service in mem Moderate
GHSA-4xcv-9jjx-gfj3 was published for mem (npm) Jul 5, 2019
Cross-Site Scripting in @nuxt/devalue Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Cross-Site Scripting in cyberchef Moderate
CVE-2019-15532 was published for cyberchef (npm) Aug 27, 2019
Undefined Behavior in sailsjs-cacheman Low
GHSA-5w65-6875-rhq8 was published for sailsjs-cacheman (npm) Sep 11, 2019
Cross-Site Scripting in dojo Moderate
CVE-2010-2273 was published for dojo (npm) Sep 11, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Sensitive Data Exposure in seneca Low
CVE-2019-5483 was published for seneca (npm) Sep 11, 2019
Cross-Site Scripting in status-board Moderate
CVE-2019-15478 was published for status-board (npm) Sep 23, 2019
Cross-Site Scripting in keystone Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) Aug 20, 2020 withdrawn
SQL Injection in sequelize Critical
CVE-2019-10748 was published for sequelize (npm) Nov 6, 2019
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Path Traversal in algo-httpserv High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) Sep 11, 2019
Cross-Site Scripting in selectize-plugin-a11y Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) Aug 27, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
SQL Injection in sequelize Critical
CVE-2019-10749 was published for sequelize (npm) Nov 8, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Denial of Service in rgb2hex Moderate
GHSA-65p8-3hm4-h9h8 was published for rgb2hex (npm) Aug 23, 2019
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
ProTip! Advisories are also available from the GraphQL API