Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Directory Traversal in gomeplus-h5-proxy High
CVE-2017-16037 was published for gomeplus-h5-proxy (npm) Jul 24, 2018
Directory Traversal in hftp High
CVE-2017-16039 was published for hftp (npm) Jul 24, 2018
ikst Downloads Resources over HTTP High
CVE-2017-16041 was published for ikst (npm) Jul 24, 2018
Directory Traversal in f2e-server High
CVE-2017-16038 was published for f2e-server (npm) Jul 24, 2018
Directory Traversal in node-simple-router High
CVE-2017-16083 was published for node-simple-router (npm) Jul 24, 2018
ReDoS via long UserAgent header in ua-parser High
CVE-2017-16086 was published for ua-parser (npm) Jul 24, 2018
Regular Expression Denial of Service in no-case High
CVE-2017-16099 was published for no-case (npm) Jul 24, 2018
Regular Expression Denial of Service in content High
CVE-2017-16111 was published for content (npm) Jul 24, 2018
ReDoS via long UserAgent header in useragent High
CVE-2017-16030 was published for useragent (npm) Jul 24, 2018
Regular Expression Denial of Service in decamelize High
CVE-2017-16023 was published for decamelize (npm) Jul 24, 2018
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header High
CVE-2017-16136 was published for method-override (npm) Jul 24, 2018
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Regular Expression Denial of Service in marked High
CVE-2017-16114 was published for marked (npm) Jul 24, 2018
Regular Expression Denial of Service in parsejson High
CVE-2017-16113 was published for parsejson (npm) Jul 24, 2018
Regular Expression Denial of Service in tough-cookie High
CVE-2017-15010 was published for tough-cookie (npm) Jul 24, 2018
tdunlap607
Regular Expression Denial of Service in string package High
CVE-2017-16116 was published for string (npm) Jul 24, 2018
Regular Expression Denial of Service in forwarded High
CVE-2017-16118 was published for forwarded (npm) Jul 24, 2018
Regular Expression Denial of Service in fresh High
CVE-2017-16119 was published for fresh (npm) Jul 24, 2018
Path Traversal in localhost-now High
CVE-2018-3729 was published for localhost-now (npm) Jul 25, 2018
Prototype Pollution in mixin-deep High
CVE-2018-3719 was published for mixin-deep (npm) Jul 26, 2018
Prototype Pollution in assign-deep High
CVE-2018-3720 was published for assign-deep (npm) Jul 26, 2018
Prototype Pollution in merge-deep High
CVE-2018-3722 was published for merge-deep (npm) Jul 26, 2018
Prototype Pollution in defaults-deep High
CVE-2018-3723 was published for defaults-deep (npm) Jul 26, 2018
seng1e
Path Traversal in general-file-server High
CVE-2018-3724 was published for general-file-server (npm) Jul 26, 2018
ProTip! Advisories are also available from the GraphQL API