GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
240,683 advisories
Filter by severity
Remote code execution in Handlebars.js
Moderate
GHSA-6r5x-hmgg-7h53
was published
for
handlebars
(npm)
Jul 15, 2019
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-jcgq-xh2f-2hfm
was published
for
eslint
(npm)
Feb 25, 2021
•
withdrawn
Denial of Service in protobufjs
Moderate
GHSA-4gpv-cvmq-6526
was published
for
protobufjs
(npm)
Aug 19, 2020
•
withdrawn
Privilege Escalation in express-cart
Critical
GHSA-3fc5-9x9m-vqc4
was published
for
express-cart
(npm)
Jun 3, 2019
Regular Expression Denial of Service (ReDoS) in lodash
Moderate
CVE-2019-1010266
was published
for
lodash
(npm)
Jul 19, 2019
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
NoSQL Injection in loopback-connector-mongodb
High
GHSA-m734-r4g6-34f9
was published
for
loopback-connector-mongodb
(npm)
Jun 4, 2019
Denial of Service in js-yaml
Moderate
GHSA-2pr6-76vf-7546
was published
for
js-yaml
(npm)
Jun 5, 2019
HTML tag injection
Moderate
GHSA-9vhv-p9r7-rm53
was published
for
serve-handler
(npm)
Feb 23, 2021
•
withdrawn
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Prototype Pollution in lutils-merge
Moderate
GHSA-f7qw-5pvg-mmwp
was published
for
lutils-merge
(npm)
Jun 13, 2019
Regular Expression Denial of Service
Moderate
GHSA-qx4v-6gc5-f2vv
was published
for
esm
(npm)
Jun 20, 2019
Directory Traversal in lactate
High
GHSA-68gr-cmcp-g3mj
was published
for
lactate
(npm)
Jun 14, 2019
Regular Expression Denial of Service in underscore.string
Moderate
GHSA-v2p6-4mp7-3r9v
was published
for
underscore.string
(npm)
Jun 14, 2019
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Cross-Site Scripting in marked
Moderate
GHSA-8wp3-cp9v-44fm
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Denial of Service in url-relative
Moderate
GHSA-86p3-4gfq-38f2
was published
for
url-relative
(npm)
Jun 5, 2019
Cross-Site Scripting (XSS) in cloudcmd
High
GHSA-m8fw-534v-xm85
was published
for
cloudcmd
(npm)
Jun 4, 2019
Path Traversal in statics-server
Moderate
GHSA-74cp-qw7f-7hpw
was published
for
statics-server
(npm)
Jun 5, 2019
ProTip!
Advisories are also available from the
GraphQL API