Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
Cross-Site Scripting in harp Moderate
GHSA-cx7r-634m-2q2h was published for harp (npm) Sep 2, 2020 withdrawn
Cross-Site Scripting in serve Moderate
GHSA-cpgr-wmr9-qxv4 was published for serve (npm) Sep 11, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
Directory Traversal in featurebook Moderate
GHSA-7x92-2j68-h32c was published for featurebook (npm) Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Moderate severity vulnerability that affects marked Moderate
CVE-2017-17461 was published for marked (npm) Jan 4, 2018 withdrawn
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Denial of Service in canvas Moderate
GHSA-vpq5-4rc8-c222 was published for canvas (npm) Jun 5, 2019
Reflected Cross-Site Scripting in jquery.terminal Moderate
GHSA-2hwp-g4g7-mwwj was published for jquery.terminal (npm) May 29, 2019
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database