Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

975 advisories

Loading
Downloads Resources over HTTP in fis-parser-sass-bin High
CVE-2016-10660 was published for fis-parser-sass-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in co-cli-installer High
CVE-2016-10657 was published for co-cli-installer (npm) Feb 18, 2019
Downloads Resources over HTTP in tomita High
CVE-2016-10662 was published for tomita (npm) Feb 18, 2019
Downloads Resources over HTTP in macaca-chromedriver-zxa High
CVE-2016-10623 was published for macaca-chromedriver-zxa (npm) Feb 18, 2019
Downloads Resources over HTTP in box2d-native High
CVE-2016-10617 was published for box2d-native (npm) Feb 18, 2019
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Downloads Resources over HTTP in curses High
CVE-2016-10615 was published for curses (npm) Feb 18, 2019
Downloads Resources over HTTP in mongodb-instance High
CVE-2016-10572 was published for mongodb-instance (npm) Feb 18, 2019
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
Downloads Resources over HTTP in webrtc-native High
CVE-2016-10600 was published for webrtc-native (npm) Feb 18, 2019
Downloads Resources over HTTP in baryton-saxophone High
CVE-2016-10573 was published for baryton-saxophone (npm) Feb 18, 2019
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Downloads Resources over HTTP in httpsync High
CVE-2016-10614 was published for httpsync (npm) Feb 18, 2019
Downloads Resources over HTTP in tomita-parser High
CVE-2016-10666 was published for tomita-parser (npm) Feb 18, 2019
Downloads Resources over HTTP in fibjs High
CVE-2016-10621 was published for fibjs (npm) Feb 18, 2019
Downloads Resources over HTTP in windows-seleniumjar-mirror High
CVE-2016-10670 was published for windows-seleniumjar-mirror (npm) Feb 18, 2019
Downloads Resources over HTTP in webdriver-launcher High
CVE-2016-10651 was published for webdriver-launcher (npm) Feb 18, 2019
Downloads Resources over HTTP in haxe3 High
CVE-2016-10688 was published for haxe3 (npm) Aug 17, 2018
Downloads Resources over HTTP in massif High
CVE-2016-10682 was published for massif (npm) Feb 18, 2019
Downloads Resources over HTTP in ntfserver High
CVE-2016-10650 was published for ntfserver (npm) Feb 18, 2019
Downloads Resources over HTTP in scala-bin High
CVE-2016-10627 was published for scala-bin (npm) Feb 18, 2019
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
Sandbox Breakout in realms-shim Critical
GHSA-7cg8-pq9v-x98q was published for realms-shim (npm) Oct 21, 2019
Downloads Resources over HTTP in mystem3 High
CVE-2016-10626 was published for mystem3 (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database