GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,044 advisories

Introspection in schema validation in Apollo Server Moderate
GHSA-w42g-7vfc-xf37 was published for apollo-server (npm) Jun 5, 2020
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) Moderate
GHSA-7fhm-mqm4-2wp7 was published for acorn (npm) Mar 13, 2020 withdrawn
CSRF and DNS Rebinding in Oasis Moderate
CVE-2020-11003 was published for @fraction/oasis (npm) Apr 16, 2020
christianbundy zozs
Arbitrary File Read in Snyk Broker Moderate
CVE-2020-7652 was published for snyk-broker (npm) Jun 3, 2020
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
Cross Site Scripting (XSS) in plotly.js Moderate
CVE-2017-1000006 was published for plotly.js (npm) Oct 24, 2017
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
Moderate severity vulnerability that affects mustache Moderate
GHSA-3233-rgx3-c2wh was published for mustache (npm) Oct 9, 2018 withdrawn
Regular Expression Denial of Service in ssri Moderate
CVE-2018-7651 was published for ssri (npm) Mar 7, 2018
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Downloads Resources over HTTP in jser-stat Moderate
CVE-2016-10592 was published for jser-stat (npm) Feb 18, 2019
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Cross-Site Scripting in keystone Moderate
CVE-2017-15878 was published for keystone (npm) Nov 15, 2017
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure Moderate
CVE-2018-1000023 was published for insight-api (npm) Mar 5, 2018
Cross-Site Scripting in nunjucks Moderate
CVE-2016-10547 was published for nunjucks (npm) Nov 6, 2018
Moderate severity vulnerability that affects total.js Moderate
CVE-2019-10260 was published for total.js (npm) Apr 2, 2019
Cross-Site Scripting in keystone Moderate
CVE-2017-15881 was published for keystone (npm) Nov 16, 2017
Denial of Service in mqtt Moderate
CVE-2017-10910 was published for mqtt (npm) Dec 28, 2017
Route Validation Bypass in call Moderate
CVE-2016-10543 was published for call (npm) Feb 18, 2019
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018