GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,141 advisories
Cross-Site Scripting in sanitize-html
Moderate: CVE-2017-16017 was published for sanitize-html (npm), Nov 9, 2018

Cross-Site Scripting (XSS) in restify
Moderate: CVE-2017-16018 was published for restify (npm), Nov 9, 2018

Tmp files readable by other users in sync-exec
Moderate: CVE-2017-16024 was published for sync-exec (npm), Nov 9, 2018

Remote Memory Exposure in request
Moderate: CVE-2017-16026 was published for request (npm), Nov 9, 2018

Pandao editor.md vulnerable to DOM XSS
Moderate: CVE-2018-19056 was published for editor.md (npm), Nov 9, 2018

Cross-Site Scripting in nunjucks
Moderate: CVE-2016-10547 was published for nunjucks (npm), Nov 6, 2018

XSS Filter Bypass via Encoded URL in validator
Moderate: CVE-2014-9772 was published for validator (npm), Nov 6, 2018

Stored Cross-Site Scripting in tianma-static
Moderate: CVE-2018-16474 was published for tianma-static (npm), Nov 6, 2018

No Charset in Content-Type Header in express
Moderate: CVE-2014-6393 was published for express (npm), Oct 23, 2018

Cross-Site Scripting in handlebars
Moderate: CVE-2015-8861 was published for handlebars (npm), Oct 23, 2018

Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Moderate: CVE-2018-18282 was published for next (npm), Oct 15, 2018

ReDoS via long string of semicolons in tough-cookie
Moderate: CVE-2016-1000232 was published for tough-cookie (npm), Oct 10, 2018

Cryptographically Weak PRNG in randomatic
Moderate: CVE-2017-16028 was published for randomatic (npm), Oct 9, 2018

Moderate severity vulnerability that affects mustache
Moderate: GHSA-3233-rgx3-c2wh was published for mustache (npm), Oct 9, 2018 • withdrawn

Moderate severity vulnerability that affects send
Moderate: GHSA-pgv6-jrvv-75jp was published for send (npm), Oct 9, 2018 • withdrawn

Denial of Service in protobufjs
Moderate: CVE-2018-3738 was published for protobufjs (npm), Oct 9, 2018

Cross-Site Scripting in sexstatic
Moderate: CVE-2018-3755 was published for sexstatic (npm), Oct 1, 2018

Directory Traversal in augustine
Moderate: CVE-2017-0930 was published for augustine (npm), Sep 18, 2018

Bootstrap Cross-site Scripting vulnerability
Moderate: CVE-2018-14042 was published for bootstrap (RubyGems), Sep 13, 2018

Bootstrap Cross-site Scripting vulnerability
Moderate: CVE-2018-14041 was published for bootstrap (RubyGems), Sep 13, 2018
ProTip! Advisories are also available from the GraphQL API