GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7,033 advisories

Cross-Site Scripting bypass in html-purify High
GHSA-5p28-63mc-cgr9 was published for html-purify (npm) Dec 4, 2020
Secret disclosure when containing characters that become URI encoded High
CVE-2020-26226 was published for semantic-release (npm) Nov 18, 2020
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 High
GHSA-crh4-294p-vcfq was published for com.vaadin:vaadin-text-field-flow (Maven) Apr 19, 2021
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 High
GHSA-j9wr-49vq-rm5g was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145) High
CVE-2018-17145 was published for bcoin (npm) Sep 10, 2020
Hardcoded Initialization Vector in parsel High
GHSA-q643-w9jp-q2qg was published for parsel (npm) Sep 4, 2020
Remote Code Execution in next High
GHSA-5vj8-3v2h-h38v was published for next (npm) Sep 4, 2020
Server-Side Request Forgery in @uppy/companion High
CVE-2020-8135 was published for @uppy/companion (npm) Sep 3, 2020
Prototype Pollution in @commercial/subtext High
GHSA-36c4-4r89-6whg was published for @commercial/subtext (npm) Sep 3, 2020
Cross-Site Scripting in lazysizes High
GHSA-w4vp-3mq7-7v82 was published for lazysizes (npm) Sep 3, 2020
Cross-Site Scripting in nextcloud-vue-collections High
GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) Sep 4, 2020
Prototype Pollution in reggae High
GHSA-q9wr-gcjc-hq52 was published for reggae (npm) Sep 4, 2020
Arbitrary Code Execution in handlebars High
GHSA-q2c6-c6pm-g3gh was published for handlebars (npm) Sep 4, 2020
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Machine-In-The-Middle in airtable High
GHSA-jrj9-5qp6-2v8q was published for airtable (npm) Sep 3, 2020
Cross-Site Scripting in markdown-to-jsx High
GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) Sep 3, 2020
Prototype Pollution in lodash.merge High
GHSA-h726-x36v-rx45 was published for lodash.merge (npm) Sep 3, 2020
Cross-Site Scripting in console-feed High
GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) Sep 3, 2020
Sandbox Breakout / Arbitrary Code Execution in notevil High
GHSA-7r5f-7qr4-pf6q was published for notevil (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-779f-wgxg-qr8f was published for lodash.mergewith (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-5947-m4fg-xhqg was published for lodash.mergewith (npm) Sep 3, 2020
Authentication Bypass in otpauth High
GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API