GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,438 advisories
Filter by severity
Authentication Bypass by Spoofing in express-cart
High
CVE-2018-16483
was published
for
express-cart
(npm)
Feb 7, 2019
mcstatic directory traversal vulnerability
High
CVE-2018-16482
was published
for
mcstatic
(npm)
Feb 7, 2019
Path Traversal in http-live-simulator
High
CVE-2018-16479
was published
for
http-live-simulator
(npm)
Feb 7, 2019
xterm vulnerable to remote code execution
High
CVE-2019-0542
was published
for
xterm
(npm)
Jan 14, 2019
rendertron can remotely shut down Chrome instance
High
CVE-2017-18353
was published
for
rendertron
(npm)
Jan 4, 2019
react-dev-utils on Windows vulnerable to Remote Code Execution
High
CVE-2018-6342
was published
for
react-dev-utils
(npm)
Jan 4, 2019
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
Denial of Service in ethereumjs-vm
High
CVE-2018-19183
was published
for
ethereumjs-vm
(npm)
Nov 21, 2018
Header Forgery in http-signature
High
CVE-2017-16005
was published
for
http-signature
(npm)
Nov 9, 2018
windows-build-tools downloads Resources over HTTP
High
CVE-2017-16003
was published
for
windows-build-tools
(npm)
Nov 9, 2018
Insufficient Error Handling in http-proxy
High
CVE-2017-16014
was published
for
http-proxy
(npm)
Nov 9, 2018
Prototype Pollution in cached-path-relative
High
CVE-2018-16472
was published
for
cached-path-relative
(npm)
Nov 7, 2018
Cross-Site Request Forgery (CSRF) in Auth0
High
CVE-2018-6874
was published
for
auth0-js
(npm)
Nov 6, 2018
ProTip!
Advisories are also available from the
GraphQL API