Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

3,702 advisories

Loading
Cross-Site Scripting in dojo Moderate
CVE-2015-5654 was published for dojo (npm) Sep 11, 2020
Server secret was included in static assets and served to clients Critical
GHSA-r587-7jh2-4qr3 was published for flood (npm) Aug 26, 2020
jesec
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
Ghost vulnerable to remote code execution in locale setting change Moderate
GHSA-7v28-g2pq-ggg8 was published for ghost (npm) Jun 17, 2022
devx00
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Renovate vulnerable to Azure DevOps token leakage in logs Moderate
GHSA-36rh-ggpr-j3gj was published for renovate (npm) Sep 14, 2020
ylemkimon
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Redwood is vulnerable to account takeover via dbAuth "forgot-password" High
GHSA-3qmc-2r76-4rqp was published for @redwoodjs/api (npm) Nov 10, 2022
Parse Server before v3.4.1 vulnerable to Denial of Service High
CVE-2019-1020012 was published for parse-server (npm) Jun 13, 2019
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
Incorrect default cookie name and recommendation Low
GHSA-jjmg-x456-w976 was published for csrf-csrf (npm) Oct 10, 2022
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Cross-Site Scripting in simditor Moderate
CVE-2018-19048 was published for simditor (npm) May 14, 2019
Cryptographically Weak PRNG in generate-password Moderate
GHSA-6qqf-vvcr-7qrv was published for generate-password (npm) May 23, 2019
Command Injection in fs-git High
CVE-2017-16087 was published for fs-git (npm) May 29, 2019
Directory Traversal High
GHSA-26hg-crh6-mjrw was published for list-n-stream (npm) Feb 23, 2021 withdrawn
Server-Side Request Forgery in terriajs-server High
GHSA-p72p-rjr2-r439 was published for terriajs-server (npm) May 29, 2019
Path Traversal in angular-http-server High
GHSA-vmhw-fhj6-m3g5 was published for angular-http-server (npm) May 31, 2019
Insecure Credential Storage in web3 Low
GHSA-27v7-qhfv-rqq8 was published for web3 (npm) May 30, 2019
SQL Injection in waterline-sequel High
GHSA-mpcx-8qqw-rmcq was published for waterline-sequel (npm) Aug 19, 2020 withdrawn
Reflected Cross-Site Scripting in jquery.terminal Moderate
GHSA-2hwp-g4g7-mwwj was published for jquery.terminal (npm) May 29, 2019
Denial of Service in foreman High
GHSA-xm28-fw2x-fqv2 was published for foreman (npm) May 31, 2019
Withdrawn Moderate
GHSA-chgg-rrmv-5q7x was published for jwt-simple (npm) Aug 3, 2020 withdrawn
Cross-Site Scripting in bootbox Moderate
GHSA-87mg-h5r3-hw88 was published for bootbox (npm) May 30, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database