Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,543 advisories

Loading
ejs is vulnerable to remote code execution due to weak input validation Critical
CVE-2017-1000228 was published for ejs (npm) Nov 30, 2017
mde ejs vulnerable to XSS Moderate
CVE-2017-1000188 was published for ejs (npm) Nov 30, 2017
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Cross-Site Scripting in keystone Moderate
CVE-2017-15881 was published for keystone (npm) Nov 16, 2017
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
keycloak-connect and keycloak-js improperly handle invalid tokens Critical
CVE-2017-7474 was published for keycloak-connect (npm) Nov 15, 2017
melkikh
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Deserialization Code Execution in js-yaml Critical
CVE-2013-4660 was published for js-yaml (npm) Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
Regular Expression Denial of Service in uglify-js High
CVE-2015-8858 was published for uglify-js (npm) Oct 24, 2017
Denial-of-Service Memory Exhaustion in qs High
CVE-2014-7191 was published for qs (npm) Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi High
CVE-2014-3742 was published for hapi (npm) Oct 24, 2017
Regular Expression Denial of Service in semver High
CVE-2015-8855 was published for semver (npm) Oct 24, 2017
VBScript Content Injection in marked Moderate
CVE-2015-1370 was published for marked (npm) Oct 24, 2017
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Directory Traversal in geddy High
CVE-2015-5688 was published for geddy (npm) Oct 24, 2017
Potential for Script Injection in syntax-error High
CVE-2014-7192 was published for syntax-error (npm) Oct 24, 2017
RDIL
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Symlink Arbitrary File Overwrite in tar High
CVE-2015-8860 was published for tar (npm) Oct 24, 2017
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API