GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

147 advisories

Cross-Site Scripting in serve Moderate
GHSA-cpgr-wmr9-qxv4 was published for serve (npm) Sep 11, 2020
Command Injection in wizard-syncronizer Moderate
GHSA-wgw3-gf4p-62xc was published for wizard-syncronizer (npm) Sep 11, 2020
Denial of Service in sequelize Moderate
GHSA-fw4p-36j9-rrj3 was published for sequelize (npm) Sep 3, 2020
Cross-Site Scripting in buttle Moderate
GHSA-pqpp-2363-649v was published for buttle (npm) Sep 2, 2020
Cross-Site Scripting in harp Moderate
GHSA-cx7r-634m-2q2h was published for harp (npm) Sep 2, 2020 withdrawn
Directory Traversal in featurebook Moderate
GHSA-7x92-2j68-h32c was published for featurebook (npm) Sep 1, 2020
Directory Traversal in dasafio Moderate
CVE-2017-16179 was published for dasafio (npm) Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
Pomelo allows external control of critical state data Moderate
CVE-2019-18954 was published for pomelo (npm) Dec 2, 2019
Cross-Site Scripting in webtorrent Moderate
CVE-2019-15782 was published for webtorrent (npm) Sep 4, 2019
tdunlap607
Cross-Site Scripting in http-file-server Moderate
CVE-2019-5458 was published for http-file-server (npm) Jul 31, 2019
Cross-Site Scripting in min-http-server Moderate
CVE-2019-5457 was published for min-http-server (npm) Jul 31, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Denial of Service in canvas Moderate
GHSA-vpq5-4rc8-c222 was published for canvas (npm) Jun 5, 2019
Reflected Cross-Site Scripting in jquery.terminal Moderate
GHSA-2hwp-g4g7-mwwj was published for jquery.terminal (npm) May 29, 2019
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in tooltip component Moderate
CVE-2019-11002 was published for @materializecss/materialize (npm) Apr 9, 2019
ProTip! Advisories are also available from the GraphQL API