GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
952 advisories
Filter by severity
Authentication Bypass in hapi-auth-jwt2
Critical
CVE-2016-10525
was published
for
hapi-auth-jwt2
(npm)
Feb 18, 2019
Authentication Bypass in console-io
Critical
CVE-2016-10532
was published
for
console-io
(npm)
Feb 18, 2019
Potential Command Injection in shell-quote
Critical
CVE-2016-10541
was published
for
shell-quote
(npm)
Feb 18, 2019
Command Injection in command-exists
Critical
GHSA-cff4-rrq6-h78w
was published
for
command-exists
(npm)
Jun 3, 2019
Privilege Escalation in express-cart
Critical
GHSA-3fc5-9x9m-vqc4
was published
for
express-cart
(npm)
Jun 3, 2019
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Critical
GHSA-4vmm-mhcq-4x9j
was published
for
constantinople
(npm)
Jun 14, 2019
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
Arbitrary Code Execution in eslint-utils
Critical
CVE-2019-15657
was published
for
eslint-utils
(npm)
Aug 26, 2019
Prototype Pollution in mixin-deep
Critical
CVE-2019-10746
was published
for
mixin-deep
(npm)
Aug 27, 2019
Prototype Pollution in set-value
Critical
CVE-2019-10747
was published
for
set-value
(npm)
Aug 27, 2019
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
Command Injection in gitlabhook
Critical
CVE-2019-5485
was published
for
gitlabhook
(npm)
Sep 16, 2019
Sandbox Breakout in realms-shim
Critical
GHSA-6jg8-7333-554w
was published
for
realms-shim
(npm)
Oct 4, 2019
Cross-site scripting in Swagger-UI
Critical
CVE-2019-17495
was published
for
swagger-ui
(npm)
Oct 15, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10760
was published
for
safer-eval
(npm)
Oct 17, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10759
was published
for
safer-eval
(npm)
Oct 21, 2019
Sandbox Breakout in realms-shim
Critical
GHSA-7cg8-pq9v-x98q
was published
for
realms-shim
(npm)
Oct 21, 2019
Improper Input Validation in Automattic Mongoose
Critical
CVE-2019-17426
was published
for
mongoose
(npm)
Oct 22, 2019
ProTip!
Advisories are also available from the
GraphQL API