GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,645 advisories
Filter by severity
Arbitrary File Write in iobroker.js-controller
High
CVE-2019-10767
was published
for
iobroker.js-controller
(npm)
Dec 2, 2019
Regular Expression Denial of Service in Acorn
High
GHSA-6chw-6frg-f759
was published
for
acorn
(npm)
Apr 3, 2020
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Insecure Entropy Source - Math.random() in node-uuid
High
CVE-2015-8851
was published
for
node-uuid
(npm)
Apr 16, 2020
Sandbox bypass in constantinople
Moderate
GHSA-hg7c-66ff-9q8g
was published
for
constantinople
(npm)
Jul 31, 2020
•
withdrawn
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11071
was published
for
slpjs
(npm)
May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11072
was published
for
slp-validate
(npm)
May 12, 2020
OS command injection in git-diff-apply
Critical
CVE-2019-10776
was published
for
git-diff-apply
(npm)
Feb 14, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
discord-html not escaping HTML code blocks when lacking a language identifier
High
GHSA-9r27-994c-4xch
was published
for
discord-markdown
(npm)
Feb 24, 2020
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
Downloads Resources over HTTP in rs-brightcove
High
CVE-2016-10676
was published
for
rs-brightcove
(npm)
Feb 18, 2019
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
codecov NPM module allows remote attackers to execute arbitrary commands
High
CVE-2020-7597
was published
for
codecov
(npm)
Feb 19, 2020
Reflected XSS in GraphQL Playground
High
CVE-2020-4038
was published
for
graphql-playground-html
(npm)
Jun 9, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
High
GHSA-p94w-42g3-f7h4
was published
for
vp-toolkit
(npm)
Mar 6, 2020
ProTip!
Advisories are also available from the
GraphQL API