GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,634
NuGet: 638
pip: 3,250
Pub: 10
RubyGems: 867
Rust: 819
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
7,033 advisories
Cross-Site Scripting bypass in html-purify
High | GHSA-5p28-63mc-cgr9 was published for html-purify (npm) | Dec 4, 2020

Secret disclosure when containing characters that become URI encoded
High | CVE-2020-26226 was published for semantic-release (npm) | Nov 18, 2020

Inline attribute values were not processed.
High | CVE-2020-15263 was published for orchid/platform (Composer) | Oct 19, 2020

Arbitrary Code Execution
High | CVE-2014-9357 was published for github.com/docker/docker (Go) | Feb 15, 2022

Improper Privilege Management in HashiCorp Nomad
High | CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) | Jun 24, 2021

Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
High | GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) | Apr 19, 2021

Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
High | GHSA-j9wr-49vq-rm5g was published for com.vaadin:vaadin-bom (Maven) | Apr 19, 2021

Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
High | CVE-2018-17145 was published for bcoin (npm) | Sep 10, 2020

Hardcoded Initialization Vector in parsel
High | GHSA-q643-w9jp-q2qg was published for parsel (npm) | Sep 4, 2020

Server-Side Request Forgery in @uppy/companion
High | CVE-2020-8135 was published for @uppy/companion (npm) | Sep 3, 2020

Prototype Pollution in @commercial/subtext
High | GHSA-36c4-4r89-6whg was published for @commercial/subtext (npm) | Sep 3, 2020

Cross-Site Scripting in lazysizes
High | GHSA-w4vp-3mq7-7v82 was published for lazysizes (npm) | Sep 3, 2020

Cross-Site Scripting in nextcloud-vue-collections
High | GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) | Sep 4, 2020

Arbitrary Code Execution in handlebars
High | GHSA-q2c6-c6pm-g3gh was published for handlebars (npm) | Sep 4, 2020

.NET Core Information Disclosure
High | CVE-2018-8292 was published for System.Net.Http (NuGet) | Apr 21, 2021

Machine-In-The-Middle in airtable
High | GHSA-jrj9-5qp6-2v8q was published for airtable (npm) | Sep 3, 2020

Cross-Site Scripting in markdown-to-jsx
High | GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) | Sep 3, 2020

Prototype Pollution in lodash.merge
High | GHSA-h726-x36v-rx45 was published for lodash.merge (npm) | Sep 3, 2020

Cross-Site Scripting in console-feed
High | GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) | Sep 3, 2020

Sandbox Breakout / Arbitrary Code Execution in notevil
High | GHSA-7r5f-7qr4-pf6q was published for notevil (npm) | Sep 3, 2020

Prototype Pollution in lodash.mergewith
High | GHSA-779f-wgxg-qr8f was published for lodash.mergewith (npm) | Sep 3, 2020

Prototype Pollution in lodash.mergewith
High | GHSA-5947-m4fg-xhqg was published for lodash.mergewith (npm) | Sep 3, 2020

Authentication Bypass in otpauth
High | GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) | Sep 3, 2020

ProTip! Advisories are also available from the GraphQL API.