Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
ejs vulnerable to DoS due to weak input validation High
CVE-2017-1000189 was published for ejs (npm) Mar 5, 2018
Regular Expression Denial of Service in moment High
CVE-2017-18214 was published for moment (npm) Mar 5, 2018
tdunlap607
ReDoS in brace-expansion High
CVE-2017-18077 was published for brace-expansion (npm) Jan 29, 2018
Directory traversal vulnerability in Next.js High
CVE-2018-6184 was published for next (npm) Jan 24, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
Denial of Service in ecstatic High
CVE-2016-10703 was published for ecstatic (npm) Dec 28, 2017
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2 High
GHSA-7fpw-cfc4-3p2c was published for passport-wsfed-saml2 (npm) Dec 28, 2017 withdrawn
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
Regular Expression Denial of Service in uglify-js High
CVE-2015-8858 was published for uglify-js (npm) Oct 24, 2017
Denial-of-Service Memory Exhaustion in qs High
CVE-2014-7191 was published for qs (npm) Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi High
CVE-2014-3742 was published for hapi (npm) Oct 24, 2017
Regular Expression Denial of Service in semver High
CVE-2015-8855 was published for semver (npm) Oct 24, 2017
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API