Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,043 advisories

Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
Directory Traversal in elding Moderate
CVE-2017-16222 was published for elding (npm) Aug 6, 2018
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting Moderate
CVE-2018-3773 was published for metascraper (npm) Aug 8, 2018
superagent vulnerable to zip bomb attacks Moderate
CVE-2017-16129 was published for superagent (npm) Aug 9, 2018
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
Directory Traversal in easyquick Moderate
CVE-2017-16109 was published for easyquick (npm) Aug 29, 2018
Pandao editor.md vulnerable to XSS in IMG attributes Moderate
CVE-2018-16330 was published for editor.md (npm) Sep 6, 2018
Cross-Site Scripting in exceljs Moderate
CVE-2018-16459 was published for exceljs (npm) Sep 11, 2018
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (Composer) Sep 13, 2018
jenhae
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
Directory Traversal in augustine Moderate
CVE-2017-0930 was published for augustine (npm) Sep 18, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
Denial of Service in protobufjs Moderate
CVE-2018-3738 was published for protobufjs (npm) Oct 9, 2018
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API