GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,996
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,545
NuGet: 620
pip: 3,136
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
19,583 advisories
Directory Traversal (High)
GHSA-f6gj-7592-5jxm was published for node-simple-router (npm), Feb 23, 2021 • withdrawn

Cross-Site Scripting in bracket-template (High)
GHSA-jj6g-7j8p-7gf2 was published for bracket-template (npm), May 30, 2019

Regular Expression Denial of Service (Moderate)
GHSA-7m7q-q53v-j47v was published for marked (npm), Feb 25, 2021 • withdrawn

Missing Origin Validation in parcel-bundler (Moderate)
GHSA-5j4m-89xf-mf5p was published for parcel-bundler (npm), Aug 27, 2020 • withdrawn

Regular Expression Denial of Service in is-my-json-valid (Low)
GHSA-4x7c-cx64-49w8 was published for is-my-json-valid (npm), Aug 19, 2020 • withdrawn

Path Traversal in localhost-now (High)
GHSA-73cw-jxmm-qpgh was published for localhost-now (npm), Jun 11, 2019

Command Injection in macaddress (High)
GHSA-q9r2-f3vc-rjg8 was published for macaddress (npm), Aug 19, 2020 • withdrawn

Insecure Default Configuration in redbird (Moderate)
GHSA-8948-ffc6-jg52 was published for redbird (npm), Jun 6, 2019

Regular Expression Denial of Service (Moderate)
GHSA-6394-6h9h-cfjg was published for nwmatcher (npm), Jun 7, 2019

Path Traversal in m-server (Moderate)
GHSA-vc6r-4x6g-mmqc was published for m-server (npm), Jun 11, 2019

Remote code execution in Handlebars.js (Moderate)
GHSA-6r5x-hmgg-7h53 was published for handlebars (npm), Jul 15, 2019 • withdrawn

Sandbox Bypass Leading to Arbitrary Code Execution in constantinople (Critical)
GHSA-4vmm-mhcq-4x9j was published for constantinople (npm), Jun 14, 2019

Cross-Site Scripting in ids-enterprise (High)
GHSA-49r3-3h96-rwj6 was published for ids-enterprise (npm), Jun 13, 2019

Cross-Site Scripting in ids-enterprise (High)
GHSA-hpfq-8wx8-cgqw was published for ids-enterprise (npm), Jun 13, 2019

Regular Expression Denial of Service (Moderate)
GHSA-jcgq-xh2f-2hfm was published for eslint (npm), Feb 25, 2021 • withdrawn

Regular Expression Denial of Service (ReDoS) in lodash (Moderate)
CVE-2019-1010266 was published for lodash (npm), Jul 19, 2019

Denial of Service in protobufjs (Moderate)
GHSA-4gpv-cvmq-6526 was published for protobufjs (npm), Aug 19, 2020 • withdrawn

ProTip! Advisories are also available from the GraphQL API.