GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
954 advisories

Potential Command Injection in shell-quote
Critical | CVE-2016-10541 was published for shell-quote (npm) | Feb 18, 2019

Authentication Bypass in console-io
Critical | CVE-2016-10532 was published for console-io (npm) | Feb 18, 2019

Authentication Bypass in hapi-auth-jwt2
Critical | CVE-2016-10525 was published for hapi-auth-jwt2 (npm) | Feb 18, 2019

Critical severity vulnerability that affects Haraka
Critical | CVE-2016-1000282 was published for Haraka (npm) | Feb 12, 2019

Prototype Pollution in node.extend
Critical | CVE-2018-16491 was published for node.extend (npm) | Feb 7, 2019

Prototype Pollution in just-extend
Critical | CVE-2018-16489 was published for just-extend (npm) | Feb 7, 2019

Prototype Pollution in defaults-deep
Critical | CVE-2018-16486 was published for defaults-deep (npm) | Feb 7, 2019

Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Critical | CVE-2018-9207 was published for jquery-file-upload (npm) | Dec 19, 2018

Critical severity vulnerability that affects event-stream and flatmap-stream
Critical | GHSA-mh6f-8j2x-4483 was published for event-stream (npm) | Nov 26, 2018

Forgeable Public/Private Tokens in jwt-simple
Critical | CVE-2016-10555 was published for jwt-simple (npm) | Nov 6, 2018

Command Injection in apex-publish-static-files
Critical | CVE-2018-16462 was published for apex-publish-static-files (npm) | Nov 1, 2018

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical | CVE-2018-9206 was published for blueimp-file-upload (npm) | Oct 22, 2018

dojox vulnerable to unescaped string injection
Critical | CVE-2018-15494 was published for dojox (npm) | Oct 15, 2018

Prototype Pollution in deep-extend
Critical | CVE-2018-3750 was published for deep-extend (npm) | Oct 9, 2018

Verification Bypass in jsonwebtoken
Critical | CVE-2015-9235 was published for jsonwebtoken (npm) | Oct 9, 2018

Prototype Pollution in merge-options
Critical | CVE-2018-3752 was published for merge-options (npm) | Oct 9, 2018

Prototype Pollution in async merge-object
Critical | CVE-2018-3753 was published for merge-object (npm) | Sep 18, 2018

Prototype Pollution in merge-recursive
Critical | CVE-2018-3751 was published for merge-recursive (npm) | Sep 18, 2018

Command Injection in egg-scripts
Critical | CVE-2018-3786 was published for egg-scripts (npm) | Sep 17, 2018

Insufficient Entropy in cryptiles
Critical | CVE-2018-1000620 was published for cryptiles (npm) | Sep 11, 2018

ProTip! Advisories are also available from the GraphQL API.