GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,427 advisories

Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
OS Command Injection in pulverizr Critical
CVE-2020-7604 was published for pulverizr (npm) May 7, 2021
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation High
CVE-2023-28433 was published for github.com/minio/minio (Go) Sep 6, 2023
donatello harshavardhana
RicterZ
HashiCorp Consul vulnerable to authorization bypass Moderate
CVE-2022-40716 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
tdunlap607
Unsafe plugins can be installed via pack import by tenant admins High
GHSA-wxf3-4fvj-vqqx was published for @saltcorn/cli (npm) Jul 27, 2023
pyhedgehog
OS Command Injection in closure-compiler-stream Critical
CVE-2020-7603 was published for closure-compiler-stream (npm) May 7, 2021
rendertron can remotely shut down Chrome instance High
CVE-2017-18353 was published for rendertron (npm) Jan 4, 2019
sqlite.js is malware Moderate
CVE-2017-16050 was published for sqlite.js (npm) Jul 23, 2018
dalek-browser-chrome Downloads Resources over HTTP High
CVE-2016-10604 was published for dalek-browser-chrome (npm) Feb 18, 2019
Directory Traversal in jikes Moderate
CVE-2017-16139 was published for jikes (npm) Aug 6, 2018
Directory Traversal in desafio Moderate
CVE-2017-16164 was published for desafio (npm) Aug 6, 2018
Directory Traversal in tinyserver2 High
CVE-2017-16085 was published for tinyserver2 (npm) Jul 24, 2018
hubl-server downloads resources over HTTP High
CVE-2017-16035 was published for hubl-server (npm) Jul 24, 2018
rendertron LFI vulnerability High
CVE-2017-18354 was published for rendertron (npm) Jan 4, 2019
rendertron XSS vulnerability Moderate
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
ReDoS via long UserAgent header in useragent High
CVE-2017-16030 was published for useragent (npm) Jul 24, 2018
lodahs is malware High
CVE-2019-19771 was published for lodahs (npm) Dec 16, 2019
Directory Traversal in list-n-stream High
CVE-2017-16084 was published for list-n-stream (npm) Jul 24, 2018
chrome-launcher subject to OS Command Injection Critical
CVE-2020-7645 was published for chrome-launcher (npm) May 24, 2022
furi0us333
Prototype pollution in paypal-adaptive Moderate
CVE-2020-7643 was published for paypal-adaptive (npm) Dec 10, 2021
Cosmos-SDK Cosmovisor component may be vulnerable to denial of service Moderate
GHSA-23px-mw2p-46qm was published for github.com/cosmos/cosmos-sdk (Go) Sep 6, 2023
Command Injection in geojson2kml Critical
CVE-2020-28429 was published for geojson2kml (npm) May 10, 2021
ProTip! Advisories are also available from the GraphQL API