GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,545 advisories
Filter by severity
High severity vulnerability that affects jquery-ui
High
GHSA-g8q2-24jh-5hpc
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 27, 2018
•
withdrawn
Downloads Resources over HTTP in mystem-fix
High
CVE-2016-10698
was published
for
mystem-fix
(npm)
Jul 27, 2018
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Path Traversal in general-file-server
High
CVE-2018-3724
was published
for
general-file-server
(npm)
Jul 26, 2018
Prototype Pollution in defaults-deep
High
CVE-2018-3723
was published
for
defaults-deep
(npm)
Jul 26, 2018
Prototype Pollution in merge-deep
High
CVE-2018-3722
was published
for
merge-deep
(npm)
Jul 26, 2018
Prototype Pollution in assign-deep
High
CVE-2018-3720
was published
for
assign-deep
(npm)
Jul 26, 2018
Prototype Pollution in mixin-deep
High
CVE-2018-3719
was published
for
mixin-deep
(npm)
Jul 26, 2018
Stored Cross-Site Scripting in simplehttpserver
Moderate
CVE-2018-3716
was published
for
simplehttpserver
(npm)
Jul 26, 2018
Path Traversal in angular-http-server
Moderate
CVE-2018-3713
was published
for
angular-http-server
(npm)
Jul 26, 2018
Path Traversal in localhost-now
High
CVE-2018-3729
was published
for
localhost-now
(npm)
Jul 25, 2018
Regular Expression Denial of Service in fresh
High
CVE-2017-16119
was published
for
fresh
(npm)
Jul 24, 2018
Regular Expression Denial of Service in forwarded
High
CVE-2017-16118
was published
for
forwarded
(npm)
Jul 24, 2018
Regular Expression Denial of Service in string package
High
CVE-2017-16116
was published
for
string
(npm)
Jul 24, 2018
Regular Expression Denial of Service in tough-cookie
High
CVE-2017-15010
was published
for
tough-cookie
(npm)
Jul 24, 2018
Regular Expression Denial of Service in parsejson
High
CVE-2017-16113
was published
for
parsejson
(npm)
Jul 24, 2018
Regular Expression Denial of Service in marked
High
CVE-2017-16114
was published
for
marked
(npm)
Jul 24, 2018
ProTip!
Advisories are also available from the
GraphQL API