GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,543 advisories
Filter by severity
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
High
CVE-2017-16138
was published
for
mime
(npm)
Jul 20, 2018
Denial of Service vulnerability with large JSON payloads in fastify
High
CVE-2018-3711
was published
for
fastify
(npm)
Jul 18, 2018
Path Traversal in crud-file-server
High
CVE-2018-3733
was published
for
crud-file-server
(npm)
Jul 18, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server
Moderate
CVE-2018-3726
was published
for
crud-file-server
(npm)
Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Withdrawn Advisory: mariadb was malware
High
CVE-2017-16046
was published
for
mariadb
(npm)
Jul 18, 2018
•
withdrawn
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
Code Execution through IIFE in node-serialize
Critical
CVE-2017-5941
was published
for
node-serialize
(npm)
Jul 18, 2018
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Malicious Package in eslint-scope
Critical
GHSA-hxxf-q3w9-4xgw
was published
for
eslint-config-eslint
(npm)
Jul 12, 2018
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate
CVE-2018-11093
was published
for
@ckeditor/ckeditor5-link
(npm)
May 23, 2018
Cross-Site Scripting in @risingstack/protect
Moderate
CVE-2018-1000160
was published
for
@risingstack/protect
(npm)
Apr 25, 2018
ProTip!
Advisories are also available from the
GraphQL API