Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
Out-of-bounds Read in npmconf Moderate
GHSA-57cf-349j-352g was published for npmconf (npm) Jun 12, 2019
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects is-my-json-valid Moderate
GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) Jul 31, 2018 withdrawn
Cross-Site Scripting in serialize-javascript Moderate
CVE-2019-16769 was published for serialize-javascript (npm) Dec 5, 2019
Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7451 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
Out-of-Bounds read in stringstream Moderate
GHSA-qpw2-xchm-655q was published for stringstream (npm) Jan 6, 2022 withdrawn
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
Spoofing attack in swagger-ui-dist Moderate
CVE-2021-46708 was published for swagger-ui-dist (npm) Mar 12, 2022
Got allows a redirect to a UNIX socket Moderate
CVE-2022-33987 was published for got (npm) Jun 19, 2022
sonicdoe
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
Cross-site Scripting in jquery.json-viewer Moderate
CVE-2022-30241 was published for jquery.json-viewer (npm) May 5, 2022
Out-of-bounds Read in stringstream Moderate
CVE-2018-21270 was published for stringstream (npm) Jun 20, 2019
Uncaught exception in engine.io Moderate
CVE-2022-41940 was published for engine.io (npm) Nov 21, 2022
G-Rath
Regular expression Denial of Service in @progfay/scrapbox-parser Moderate
CVE-2021-27405 was published for @progfay/scrapbox-parser (npm) Mar 1, 2021
progfay
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
Json2html vulnerable to cross-site scripting Moderate
CVE-2018-25053 was published for node-json2html (npm) Dec 28, 2022
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Out-of-bounds Read in base64url Moderate
GHSA-rvg8-pwq2-xj7q was published for base64url (npm) Sep 1, 2020
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database