GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,143 advisories
Filter by severity
Out-of-bounds Read in npmconf
Moderate
GHSA-57cf-349j-352g
was published
for
npmconf
(npm)
Jun 12, 2019
Rate Limiting Bypass in express-brute
Moderate
GHSA-984p-xq9m-4rjw
was published
for
express-brute
(npm)
Jun 7, 2019
Reverse Tabnapping in swagger-ui
Moderate
GHSA-x9p2-fxq6-2m5f
was published
for
swagger-ui
(npm)
Jun 20, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h
was published
for
angular
(npm)
Jun 27, 2019
Cross-Site Scripting in @nuxt/devalue
Moderate
CVE-2019-13506
was published
for
@nuxt/devalue
(npm)
Jul 16, 2019
Cross-Site Scripting in cyberchef
Moderate
CVE-2019-15532
was published
for
cyberchef
(npm)
Aug 27, 2019
Cross-Site Scripting in status-board
Moderate
CVE-2019-15478
was published
for
status-board
(npm)
Sep 23, 2019
Cross-Site Scripting in keystone
Moderate
GHSA-h29r-4vqp-8jxf
was published
for
keystone
(npm)
Aug 20, 2020
•
withdrawn
Cross-Site Scripting in iobroker.web
Moderate
CVE-2019-10771
was published
for
iobroker.web
(npm)
Dec 2, 2019
Validation bypass is possible in Json Pattern Validator
Moderate
CVE-2019-19507
was published
for
jpv
(npm)
Dec 4, 2019
Cross-Site Scripting in selectize-plugin-a11y
Moderate
CVE-2019-15482
was published
for
selectize-plugin-a11y
(npm)
Aug 27, 2019
Denial of Service in rgb2hex
Moderate
GHSA-65p8-3hm4-h9h8
was published
for
rgb2hex
(npm)
Aug 23, 2019
Sandbox bypass in constantinople
Moderate
GHSA-hg7c-66ff-9q8g
was published
for
constantinople
(npm)
Jul 31, 2020
•
withdrawn
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
Path Traversal in statics-server
Moderate
CVE-2019-15596
was published
for
statics-server
(npm)
Mar 31, 2020
Cross-Site Scripting in sanitize-html
Moderate
CVE-2016-1000237
was published
for
sanitize-html
(npm)
Apr 16, 2020
Cross-Site Scripting (XSS) in Verdaccio
Moderate
CVE-2019-14772
was published
for
verdaccio
(npm)
May 29, 2019
ProTip!
Advisories are also available from the
GraphQL API