Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,438 advisories

Loading
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (npm) Feb 7, 2019
Authentication Bypass by Spoofing in express-cart High
CVE-2018-16483 was published for express-cart (npm) Feb 7, 2019
mcstatic directory traversal vulnerability High
CVE-2018-16482 was published for mcstatic (npm) Feb 7, 2019
Path Traversal in http-live-simulator High
CVE-2018-16479 was published for http-live-simulator (npm) Feb 7, 2019
xterm vulnerable to remote code execution High
CVE-2019-0542 was published for xterm (npm) Jan 14, 2019
Churro
rendertron LFI vulnerability High
CVE-2017-18354 was published for rendertron (npm) Jan 4, 2019
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
react-dev-utils on Windows vulnerable to Remote Code Execution High
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Header Forgery in http-signature High
CVE-2017-16005 was published for http-signature (npm) Nov 9, 2018
sqlserver is malware High
CVE-2017-16055 was published for sqlserver (npm) Nov 9, 2018
windows-build-tools downloads Resources over HTTP High
CVE-2017-16003 was published for windows-build-tools (npm) Nov 9, 2018
XSS in Data URI in remarkable High
CVE-2017-16006 was published for remarkable (npm) Nov 9, 2018
Insufficient Error Handling in http-proxy High
CVE-2017-16014 was published for http-proxy (npm) Nov 9, 2018
Directory Traversal in hostr High
CVE-2017-16029 was published for hostr (npm) Nov 9, 2018
gruntcli is malware High
CVE-2017-16058 was published for gruntcli (npm) Nov 9, 2018
mssql-node is malware High
CVE-2017-16059 was published for mssql-node (npm) Nov 9, 2018
mssql.js is malware High
CVE-2017-16056 was published for mssql.js (npm) Nov 9, 2018
nodemssql is malware High
CVE-2017-16057 was published for nodemssql (npm) Nov 9, 2018
Prototype Pollution in cached-path-relative High
CVE-2018-16472 was published for cached-path-relative (npm) Nov 7, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
Path Traversal in knightjs High
CVE-2018-16475 was published for knightjs (npm) Nov 6, 2018
node-tkinter is malware High
CVE-2017-16062 was published for node-tkinter (npm) Nov 1, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database