Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,458 advisories

Loading
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Regular Expression Denial of Service in websocket-extensions (NPM package) High
CVE-2020-7662 was published for websocket-extensions (npm) Jun 5, 2020
Downloads Resources over HTTP in selenium-standalone-painful High
CVE-2016-10679 was published for selenium-standalone-painful (npm) Feb 18, 2019
Path Traversal in simplehttpserver High
CVE-2018-16493 was published for static-resource-server (npm) Feb 7, 2019
Downloads Resources over HTTP in cmake High
CVE-2016-10642 was published for cmake (npm) Aug 15, 2018
Downloads Resources over HTTP in bkjs-wand High
CVE-2016-10571 was published for bkjs-wand (npm) Feb 18, 2019
Downloads Resources over HTTP in grunt-webdriver-qunit High
CVE-2016-10606 was published for grunt-webdriver-qunit (npm) Feb 18, 2019
Downloads Resources over HTTP in google-closure-tools-latest High
CVE-2016-10677 was published for google-closure-tools-latest (npm) Feb 18, 2019
Downloads Resources over HTTP in selenium-portal High
CVE-2016-10667 was published for selenium-portal (npm) Feb 18, 2019
Downloads Resources over HTTP in mystem3 High
CVE-2016-10626 was published for mystem3 (npm) Feb 18, 2019
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Regular Expression Denial of Service in negotiator High
CVE-2016-10539 was published for negotiator (npm) Oct 9, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Path Traversal in total.js High
CVE-2019-8903 was published for total.js (npm) Feb 20, 2019
Denial of Service in nes High
CVE-2017-16025 was published for nes (npm) Jul 24, 2018
Downloads Resources over HTTP in scala-bin High
CVE-2016-10627 was published for scala-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in ntfserver High
CVE-2016-10650 was published for ntfserver (npm) Feb 18, 2019
Downloads Resources over HTTP in massif High
CVE-2016-10682 was published for massif (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database