GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,043 advisories
Filter by severity
Moderate severity vulnerability that affects moment
Moderate
GHSA-hxf5-mg84-pj4m
was published
for
moment
(npm)
Jul 31, 2018
•
withdrawn
Sandbox Breakout / Arbitrary Code Execution in static-eval
Moderate
CVE-2017-16226
was published
for
static-eval
(npm)
Aug 6, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting
Moderate
CVE-2018-3773
was published
for
metascraper
(npm)
Aug 8, 2018
superagent vulnerable to zip bomb attacks
Moderate
CVE-2017-16129
was published
for
superagent
(npm)
Aug 9, 2018
Hijacked Environment Variables in proxy.js
Moderate
CVE-2017-16076
was published
for
proxy.js
(npm)
Aug 29, 2018
Directory Traversal in easyquick
Moderate
CVE-2017-16109
was published
for
easyquick
(npm)
Aug 29, 2018
Pandao editor.md vulnerable to XSS in IMG attributes
Moderate
CVE-2018-16330
was published
for
editor.md
(npm)
Sep 6, 2018
Cross-Site Scripting in exceljs
Moderate
CVE-2018-16459
was published
for
exceljs
(npm)
Sep 11, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(Composer)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Directory Traversal in augustine
Moderate
CVE-2017-0930
was published
for
augustine
(npm)
Sep 18, 2018
Cross-Site Scripting in sexstatic
Moderate
CVE-2018-3755
was published
for
sexstatic
(npm)
Oct 1, 2018
Denial of Service in protobufjs
Moderate
CVE-2018-3738
was published
for
protobufjs
(npm)
Oct 9, 2018
Moderate severity vulnerability that affects send
Moderate
GHSA-pgv6-jrvv-75jp
was published
for
send
(npm)
Oct 9, 2018
•
withdrawn
Moderate severity vulnerability that affects mustache
Moderate
GHSA-3233-rgx3-c2wh
was published
for
mustache
(npm)
Oct 9, 2018
•
withdrawn
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
ProTip!
Advisories are also available from the
GraphQL API