GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,438 advisories
Filter by severity
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Denial of Service via malformed accept-encoding header in hapi
High
CVE-2017-16013
was published
for
hapi
(npm)
Oct 9, 2018
High severity vulnerability that affects qs
High
GHSA-crvj-3gj9-gm2p
was published
for
qs
(npm)
Oct 9, 2018
•
withdrawn
Regular Expression Denial of Service in minimatch
High
CVE-2016-10540
was published
for
minimatch
(npm)
Oct 9, 2018
High severity vulnerability that affects uglify-js
High
GHSA-g6f4-j6c2-w3p3
was published
for
uglify-js
(npm)
Oct 9, 2018
•
withdrawn
Denial-of-Service Extended Event Loop Blocking in qs
High
CVE-2014-10064
was published
for
qs
(npm)
Oct 9, 2018
Regular Expression Denial of Service in negotiator
High
CVE-2016-10539
was published
for
negotiator
(npm)
Oct 9, 2018
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
apk-parser2 downloads Resources over HTTP
High
CVE-2016-10632
was published
for
apk-parser2
(npm)
Sep 18, 2018
simplehttpserver allows directory traversal and file listing
High
CVE-2018-3787
was published
for
simplehttpserver
(npm)
Sep 6, 2018
ProTip!
Advisories are also available from the
GraphQL API