Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
SimpleMDE XSS Vulnerability Moderate
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Path Traversal in simplehttpserver Moderate
CVE-2018-16478 was published for simplehttpserver (npm) Dec 6, 2018
Cross-Site Scripting in react-dom Moderate
CVE-2018-6341 was published for react-dom (npm) Jan 4, 2019
rendertron XSS vulnerability Moderate
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (npm) Jan 17, 2019
roka-actico
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (npm) Jan 17, 2019
tdunlap607
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (npm) Jan 17, 2019
tdunlap607
Prototype Pollution in extend Moderate
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
Tnantoka/public XSS Vulnerability Moderate
CVE-2018-16480 was published for public (npm) Feb 7, 2019
Cross-Site Scripting in html-pages Moderate
CVE-2018-16481 was published for html-pages (npm) Feb 7, 2019
Cross-Site Scripting in m-server Moderate
CVE-2018-16484 was published for m-server (npm) Feb 7, 2019
Directory Traversal in bitty Moderate
CVE-2016-10561 was published for bitty (npm) Feb 18, 2019
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file Moderate
CVE-2016-10526 was published for grunt-gh-pages (npm) Feb 18, 2019
Directory Traversal in restafary Moderate
CVE-2016-10528 was published for restafary (npm) Feb 18, 2019
Insecure Defaults Allow MITM Over TLS in engine.io-client Moderate
CVE-2016-10536 was published for engine.io-client (npm) Feb 18, 2019
Cross-Site Scripting in backbone Moderate
CVE-2016-10537 was published for backbone (npm) Feb 18, 2019
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
m-server Vulnerable to Directory Traversal Moderate
CVE-2018-16485 was published for m-server (npm) Feb 18, 2019
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Sanitization bypass using HTML Entities in marked Moderate
CVE-2016-10531 was published for marked (npm) Feb 18, 2019
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
ProTip! Advisories are also available from the GraphQL API