GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Cross-Site Scripting in serve
Moderate
GHSA-cpgr-wmr9-qxv4
was published
for
serve
(npm)
Sep 11, 2020
Command Injection in wizard-syncronizer
Moderate
GHSA-wgw3-gf4p-62xc
was published
for
wizard-syncronizer
(npm)
Sep 11, 2020
Denial of Service in sequelize
Moderate
GHSA-fw4p-36j9-rrj3
was published
for
sequelize
(npm)
Sep 3, 2020
Cross-Site Scripting in buttle
Moderate
GHSA-pqpp-2363-649v
was published
for
buttle
(npm)
Sep 2, 2020
Cross-Site Scripting in harp
Moderate
GHSA-cx7r-634m-2q2h
was published
for
harp
(npm)
Sep 2, 2020
•
withdrawn
Directory Traversal in featurebook
Moderate
GHSA-7x92-2j68-h32c
was published
for
featurebook
(npm)
Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Moderate
CVE-2016-1000224
was published
for
ezseed-transmission
(npm)
Sep 1, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
DoS via malicious record IDs in WatermelonDB
Moderate
CVE-2020-4035
was published
for
@nozbe/watermelondb
(npm)
Jun 3, 2020
CSRF and DNS Rebinding in Oasis
Moderate
CVE-2020-11003
was published
for
@fraction/oasis
(npm)
Apr 16, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Pomelo allows external control of critical state data
Moderate
CVE-2019-18954
was published
for
pomelo
(npm)
Dec 2, 2019
Cross-Site Scripting in webtorrent
Moderate
CVE-2019-15782
was published
for
webtorrent
(npm)
Sep 4, 2019
Cross-Site Scripting in http-file-server
Moderate
CVE-2019-5458
was published
for
http-file-server
(npm)
Jul 31, 2019
Cross-Site Scripting in min-http-server
Moderate
CVE-2019-5457
was published
for
min-http-server
(npm)
Jul 31, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h
was published
for
angular
(npm)
Jun 27, 2019
Forced Logout in keycloak-connect
Moderate
CVE-2019-10157
was published
for
keycloak-connect
(npm)
Jun 13, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Cross-Site Scripting (XSS) in Verdaccio
Moderate
CVE-2019-14772
was published
for
verdaccio
(npm)
May 29, 2019
Cross-Site Scripting in simple-markdown
Moderate
CVE-2019-9844
was published
for
simple-markdown
(npm)
Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in tooltip component
Moderate
CVE-2019-11002
was published
for
@materializecss/materialize
(npm)
Apr 9, 2019
ProTip!
Advisories are also available from the
GraphQL API