GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
Cross-Site Scripting in console-feed
High
GHSA-g9wg-wq4f-2x5w
was published
for
console-feed
(npm)
Sep 3, 2020
Cross-Site Scripting in snekserve
High
GHSA-hv4w-jhcj-6wfw
was published
for
snekserve
(npm)
Sep 3, 2020
Cross-Site Scripting in markdown-to-jsx
High
GHSA-ccrp-c664-8p4j
was published
for
markdown-to-jsx
(npm)
Sep 3, 2020
Prototype Pollution in handlebars
High
GHSA-g9r4-xpmj-mj65
was published
for
handlebars
(npm)
Sep 4, 2020
Prototype Pollution in json-logic-js
High
GHSA-m9hw-7xfv-wqg7
was published
for
json-logic-js
(npm)
Nov 12, 2020
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
High
CVE-2020-7788
was published
for
ini
(npm)
Dec 10, 2020
Processing untrusted theming resources might execute arbitrary code (ACE)
High
CVE-2021-21316
was published
for
less-openui5
(npm)
Jan 29, 2021
Vulnerability allowing for reading internal HTTP resources
High
GHSA-hfwx-c7q6-g54c
was published
for
highcharts-export-server
(npm)
Mar 12, 2021
Regular Expression Denial of Service (ReDoS)
High
CVE-2021-27290
was published
for
ssri
(npm)
Mar 19, 2021
Regular Expression Denial of Service (ReDoS)
High
CVE-2021-28092
was published
for
is-svg
(npm)
Mar 19, 2021
Command injection vulnerability in @prisma/sdk in getPackedPackage function
High
CVE-2021-21414
was published
for
@prisma/sdk
(npm)
Apr 6, 2021
Options structure open to Cross-site Scripting if passed unfiltered
High
CVE-2021-29489
was published
for
highcharts
(npm)
May 6, 2021
Prototype Pollution in backbone-query-parameters
High
CVE-2021-20085
was published
for
backbone-query-parameters
(npm)
May 6, 2021
Regular Expression Denial of Service (ReDoS) in ua-parser-js
High
CVE-2021-27292
was published
for
ua-parser-js
(npm)
May 6, 2021
Prototype Pollution in jquery-bbq
High
CVE-2021-20086
was published
for
jquery-bbq
(npm)
May 24, 2021
Prototype Pollution in jquery-deparam
High
CVE-2021-20087
was published
for
jquery-deparam
(npm)
May 24, 2021
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2021-23391
was published
for
calipso
(npm)
Jun 8, 2021
Uncontrolled Resource Consumption in ansi-html
High
CVE-2021-23424
was published
for
ansi-html
(npm)
Sep 2, 2021
Remote code execution in Eclipse Theia
High
CVE-2021-34435
was published
for
@theia/mini-browser
(npm)
Sep 2, 2021
Cross Site Request Forgery in kindeditor
High
CVE-2021-42228
was published
for
kindeditor
(npm)
Oct 18, 2021
Embedded malware in ua-parser-js
High
GHSA-pjwm-rvh2-c87w
was published
for
ua-parser-js
(npm)
Oct 22, 2021
ProTip!
Advisories are also available from the
GraphQL API