Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,405 advisories

Loading
Path Traversal in hekto High
CVE-2018-3725 was published for hekto (npm) Jul 26, 2018
Authentication Bypass in passport-azure-ad High
CVE-2016-7191 was published for passport-azure-ad (npm) Jul 26, 2018
Directory Traversal in cyber-js High
CVE-2017-16093 was published for cyber-js (npm) Jul 27, 2018
Downloads Resources over HTTP in mystem-fix High
CVE-2016-10698 was published for mystem-fix (npm) Jul 27, 2018
High severity vulnerability that affects jquery-ui High
GHSA-g8q2-24jh-5hpc was published for jQuery.UI.Combined (RubyGems) Jul 27, 2018 withdrawn
Path Traversal in mcstatic High
CVE-2018-3730 was published for mcstatic (npm) Jul 27, 2018
Path Traversal in superstatic High
GHSA-wm77-q74p-5763 was published for superstatic (npm) Jul 27, 2018
windows-seleniumjar downloads Resources over HTTP High
CVE-2016-10691 was published for windows-seleniumjar (npm) Jul 31, 2018
Downloads Resources over HTTP in haxeshim High
CVE-2016-10692 was published for haxeshim (npm) Jul 31, 2018
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer High
CVE-2016-10697 was published for react-native-baidu-voice-synthesizer (npm) Jul 31, 2018
Regular Expression Denial of Service in hawk High
CVE-2016-2515 was published for hawk (npm) Jul 31, 2018
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
Directory Traversal in ritp High
CVE-2017-16198 was published for ritp (npm) Aug 6, 2018
coffe-script is malware High
CVE-2017-16203 was published for coffe-script (npm) Aug 6, 2018
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
coffescript is malware High
CVE-2017-16205 was published for coffescript (npm) Aug 6, 2018
discordi.js is malware High
CVE-2017-16207 was published for discordi.js (npm) Aug 6, 2018
Regular Expression Denial of Service in charset High
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607
Regular Expression Denial of Service in sshpk High
CVE-2018-3737 was published for sshpk (npm) Aug 15, 2018
marionette-socket-host downloads Resources over HTTP High
CVE-2016-10648 was published for marionette-socket-host (npm) Aug 15, 2018
Downloads Resources over HTTP in resourcehacker High
CVE-2016-10646 was published for resourcehacker (npm) Aug 15, 2018
grunt-images downloads Resources over HTTP High
CVE-2016-10645 was published for grunt-images (npm) Aug 15, 2018
slimerjs-edge downloads Resources over HTTP High
CVE-2016-10644 was published for slimerjs-edge (npm) Aug 15, 2018
Downloads Resources over HTTP in jstestdriver High
CVE-2016-10643 was published for jstestdriver (npm) Aug 15, 2018
ProTip! Advisories are also available from the GraphQL API