Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Regular Expression Denial of Service in moment High
CVE-2017-18214 was published for moment (npm) Mar 5, 2018
tdunlap607
ejs vulnerable to DoS due to weak input validation High
CVE-2017-1000189 was published for ejs (npm) Mar 5, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Denial of Service in ecstatic High
CVE-2015-9242 was published for ecstatic (npm) Jun 7, 2018
tdunlap607
Denial of Service in hapi High
CVE-2015-9241 was published for hapi (npm) Jun 7, 2018
Authentication Weakness in keystone High
CVE-2015-9240 was published for keystone (npm) Jun 7, 2018
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
Path Traversal in stattic High
CVE-2018-3734 was published for stattic (npm) Jul 18, 2018
Path Traversal in crud-file-server High
CVE-2018-3733 was published for crud-file-server (npm) Jul 18, 2018
Path Traversal in resolve-path High
CVE-2018-3732 was published for resolve-path (npm) Jul 18, 2018
Path Traversal in public High
CVE-2018-3731 was published for public (npm) Jul 18, 2018
Denial of Service vulnerability with large JSON payloads in fastify High
CVE-2018-3711 was published for fastify (npm) Jul 18, 2018
RDIL
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input High
CVE-2017-16138 was published for mime (npm) Jul 20, 2018
rsalvo77 tdunlap607
Directory Traversal in nodeaaaaa High
CVE-2017-16223 was published for nodeaaaaa (npm) Jul 23, 2018
Directory Traversal in dgard8.lab6 High
CVE-2017-16218 was published for dgard8.lab6 (npm) Jul 23, 2018
Directory Traversal in fbr-client High
CVE-2017-16217 was published for fbr-client (npm) Jul 23, 2018
Directory Traversal in ltt High
CVE-2017-16212 was published for ltt (npm) Jul 23, 2018
Directory Traversal in jn_jj_server High
CVE-2017-16210 was published for jn_jj_server (npm) Jul 23, 2018
Directory Traversal in quickserver High
CVE-2017-16196 was published for quickserver (npm) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API