Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,033 advisories

bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (npm) Jan 17, 2019
tdunlap607
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (npm) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (npm) Jan 17, 2019
roka-actico
rendertron XSS vulnerability Moderate
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
Cross-Site Scripting in react-dom Moderate
CVE-2018-6341 was published for react-dom (npm) Jan 4, 2019
Path Traversal in simplehttpserver Moderate
CVE-2018-16478 was published for simplehttpserver (npm) Dec 6, 2018
SimpleMDE XSS Vulnerability Moderate
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
Ckeditor XSS Vulnerability Moderate
CVE-2018-17960 was published for ckeditor (Composer) Nov 21, 2018
Valine HTML Injection Moderate
CVE-2018-19289 was published for valine (npm) Nov 21, 2018
Cross-Site Scripting in html-janitor Moderate
CVE-2017-0931 was published for html-janitor (npm) Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16016 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting in i18next Moderate
CVE-2017-16008 was published for i18next (npm) Nov 9, 2018
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Cross-Site Scripting in forms Moderate
CVE-2017-16015 was published for forms (npm) Nov 9, 2018
Cross-Site Scripting in sanitize-html Moderate
CVE-2017-16017 was published for sanitize-html (npm) Nov 9, 2018
Cross-Site Scripting (XSS) in restify Moderate
CVE-2017-16018 was published for restify (npm) Nov 9, 2018
Tmp files readable by other users in sync-exec Moderate
CVE-2017-16024 was published for sync-exec (npm) Nov 9, 2018
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
Pandao editor.md vulnerable to DOM XSS Moderate
CVE-2018-19056 was published for editor.md (npm) Nov 9, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
ProTip! Advisories are also available from the GraphQL API