Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,770
Maven
4,994
npm
3,540
NuGet
617
pip
3,115
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Hidden Directories Always Served in inert Moderate
CVE-2014-10068 was published for inert (npm) Aug 31, 2020
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
Directory Traversal in featurebook Moderate
GHSA-7x92-2j68-h32c was published for featurebook (npm) Sep 1, 2020
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7451 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
Command Injection in wxchangba Moderate
GHSA-j6v9-xgvh-f796 was published for wxchangba (npm) Sep 11, 2020
Cross-Site Scripting in @berslucas/liljs Moderate
GHSA-c53x-wwx2-pg96 was published for @berslucas/liljs (npm) Sep 3, 2020
Denial of Service in node-sass Moderate
GHSA-9v62-24cr-58cx was published for node-sass (npm) Sep 11, 2020
Directory Traversal in restafary Moderate
CVE-2016-10528 was published for restafary (npm) Feb 18, 2019
CSRF Vulnerability in polaris-website Moderate
GHSA-whrh-9j4q-g7ph was published for polaris-website (npm) Aug 5, 2020
XSS via JQLite DOM manipulation functions in AngularJS Moderate
GHSA-5cp4-xmrw-59wf was published for angular (npm) Aug 5, 2020
koto masatokinugawa
Moderate severity vulnerability that affects validator Moderate
GHSA-9959-c6q6-6qp3 was published for validator (npm) Oct 24, 2017 withdrawn
Denial of service in fastify Moderate
CVE-2020-8192 was published for fastify (npm) Aug 5, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Spoofing attack due to unvalidated KDC in node-krb5 Moderate
CVE-2016-1000238 was published for node-krb5 (npm) Sep 1, 2020
Remote Memory Exposure in openwhisk Moderate
GHSA-53mj-mc38-q894 was published for openwhisk (npm) Sep 1, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
CSRF vulnerability in save-server Moderate
CVE-2020-15135 was published for save-server (npm) Aug 4, 2020
Cross-Site Scripting in google-closure-library Moderate
GHSA-r9q4-w3fm-wrm2 was published for google-closure-library (npm) Sep 2, 2020
XSS due to lack of CSRF validation for replying/publishing Moderate
CVE-2020-15156 was published for nodebb-plugin-blog-comments (npm) Aug 26, 2020
gwynnarth
Denial of Service in http-live-simulator Moderate
GHSA-xgp2-cc4r-7vf6 was published for http-live-simulator (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API