GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,770
Maven
4,994
npm
3,540
NuGet
617
pip
3,115
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
Unsafe Merging of CORS Configuration Conflict in hapi
Moderate
CVE-2015-9243
was published
for
hapi
(npm)
Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Moderate
CVE-2016-1000224
was published
for
ezseed-transmission
(npm)
Sep 1, 2020
Hidden Directories Always Served in inert
Moderate
CVE-2014-10068
was published
for
inert
(npm)
Aug 31, 2020
Multiple Content Injection Vulnerabilities in marked
Moderate
CVE-2014-3743
was published
for
marked
(npm)
Aug 31, 2020
Directory Traversal in featurebook
Moderate
GHSA-7x92-2j68-h32c
was published
for
featurebook
(npm)
Sep 1, 2020
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Moderate
CVE-2018-18282
was published
for
next
(npm)
Oct 15, 2018
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7451
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7452
was published
for
validator
(npm)
Oct 24, 2017
Command Injection in wxchangba
Moderate
GHSA-j6v9-xgvh-f796
was published
for
wxchangba
(npm)
Sep 11, 2020
Cross-Site Scripting in @berslucas/liljs
Moderate
GHSA-c53x-wwx2-pg96
was published
for
@berslucas/liljs
(npm)
Sep 3, 2020
Denial of Service in node-sass
Moderate
GHSA-9v62-24cr-58cx
was published
for
node-sass
(npm)
Sep 11, 2020
Directory Traversal in restafary
Moderate
CVE-2016-10528
was published
for
restafary
(npm)
Feb 18, 2019
CSRF Vulnerability in polaris-website
Moderate
GHSA-whrh-9j4q-g7ph
was published
for
polaris-website
(npm)
Aug 5, 2020
XSS via JQLite DOM manipulation functions in AngularJS
Moderate
GHSA-5cp4-xmrw-59wf
was published
for
angular
(npm)
Aug 5, 2020
Moderate severity vulnerability that affects validator
Moderate
GHSA-9959-c6q6-6qp3
was published
for
validator
(npm)
Oct 24, 2017
•
withdrawn
Regular Expression Denial of Service in bleach
Moderate
CVE-2014-8881
was published
for
bleach
(npm)
Sep 1, 2020
Downloads Resources over HTTP in adamvr-geoip-lite
Moderate
CVE-2016-10680
was published
for
adamvr-geoip-lite
(npm)
Sep 1, 2020
Spoofing attack due to unvalidated KDC in node-krb5
Moderate
CVE-2016-1000238
was published
for
node-krb5
(npm)
Sep 1, 2020
Remote Memory Exposure in openwhisk
Moderate
GHSA-53mj-mc38-q894
was published
for
openwhisk
(npm)
Sep 1, 2020
CSRF vulnerability in save-server
Moderate
CVE-2020-15135
was published
for
save-server
(npm)
Aug 4, 2020
Cross-Site Scripting in google-closure-library
Moderate
GHSA-r9q4-w3fm-wrm2
was published
for
google-closure-library
(npm)
Sep 2, 2020
XSS due to lack of CSRF validation for replying/publishing
Moderate
CVE-2020-15156
was published
for
nodebb-plugin-blog-comments
(npm)
Aug 26, 2020
Denial of Service in http-live-simulator
Moderate
GHSA-xgp2-cc4r-7vf6
was published
for
http-live-simulator
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API