GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,127 advisories
Filter by severity
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Ghost vulnerable to remote code execution in locale setting change
Moderate
GHSA-7v28-g2pq-ggg8
was published
for
ghost
(npm)
Jun 17, 2022
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Renovate vulnerable to Azure DevOps token leakage in logs
Moderate
GHSA-36rh-ggpr-j3gj
was published
for
renovate
(npm)
Sep 14, 2020
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Batched HTTP requests may set incorrect `cache-control` response header
Moderate
GHSA-8r69-3cvp-wxc3
was published
for
@apollo/server
(npm)
Nov 2, 2022
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
Cross-Site Scripting in simditor
Moderate
CVE-2018-19048
was published
for
simditor
(npm)
May 14, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Incorrect Authorization
Moderate
GHSA-5hx7-77g4-wqx3
was published
for
aedes
(npm)
Feb 23, 2021
•
withdrawn
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-7m7q-q53v-j47v
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Missing Origin Validation in parcel-bundler
Moderate
GHSA-5j4m-89xf-mf5p
was published
for
parcel-bundler
(npm)
Aug 27, 2020
•
withdrawn
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
ProTip!
Advisories are also available from the
GraphQL API