GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
63 advisories
Improper handling of multiline messages in node-irc
High • GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) • May 5, 2022
High severity vulnerability that affects qs
High • GHSA-crvj-3gj9-gm2p was published for qs (npm) • Oct 9, 2018 • withdrawn
High severity vulnerability that affects electron
High • CVE-2016-1202 was published for electron (npm) • Oct 24, 2017
Path Traversal in superstatic
High • GHSA-wm77-q74p-5763 was published for superstatic (npm) • Jul 27, 2018
Downloads Resources over HTTP in imageoptim
High • CVE-2016-10596 was published for imageoptim (npm) • Feb 18, 2019
Regular Expression Denial of Service in parsejson
High • CVE-2017-16113 was published for parsejson (npm) • Jul 24, 2018
High severity vulnerability that affects uglify-js
High • GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) • Oct 9, 2018 • withdrawn
Infinite loop causing Denial of Service in colors
High • GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) • Jan 10, 2022
selenium-binaries downloads resources over HTTP
High • CVE-2016-10589 was published for selenium-binaries (npm) • Feb 18, 2019
Packing does not respect root-level ignore files in workspaces
High • CVE-2022-29244 was published for npm (npm) • Jun 2, 2022
OS Command Injection in s3-uploader
High • CVE-2021-34084 was published for s3-uploader (npm) • Jun 3, 2022
file-type vulnerable to Infinite Loop via malformed MKV file
High • CVE-2022-36313 was published for file-type (npm) • Jul 22, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High • CVE-2022-41340 was published for @lionello/secp256k1-js (npm) • Sep 25, 2022
Parse Server crashes with query parameter
High • CVE-2021-39187 was published for parse-server (npm) • Sep 2, 2021
Denial of Service (DoS) in restify-paginate
High • CVE-2020-27543 was published for restify-paginate (npm) • Apr 12, 2021
Remote code execution via the `pretty` option.
High • CVE-2021-21353 was published for pug (npm) • Mar 3, 2021
Denial of Service in get-ip-range
High • CVE-2021-27191 was published for get-ip-range (npm) • Apr 13, 2021
"Arbitrary code execution in socket.io-file"
High • CVE-2020-24807 was published for socket.io-file (npm) • May 10, 2021
Use of Potentially Dangerous Function in mixme
High • CVE-2021-29491 was published for mixme (npm) • May 6, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding
High • CVE-2021-39176 was published for detect-character-encoding (npm) • Sep 1, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding
High • CVE-2021-39157 was published for detect-character-encoding (npm) • Aug 25, 2021