GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,763
Maven
4,988
npm
3,525
NuGet
615
pip
3,099
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,047 advisories
Filter by severity
uap-core Regular Expression Denial of Service issue
Moderate
CVE-2018-20164
was published
for
uap-core
(npm)
Mar 6, 2019
Cross-Site Scripting in editor.md
Moderate
CVE-2019-9737
was published
for
editor.md
(npm)
Mar 14, 2019
Moderate severity vulnerability that affects total.js
Moderate
CVE-2019-10260
was published
for
total.js
(npm)
Apr 2, 2019
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
Moderate
CVE-2019-11004
was published
for
@materializecss/materialize
(npm)
Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Moderate
CVE-2019-11003
was published
for
@materializecss/materialize
(npm)
Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in tooltip component
Moderate
CVE-2019-11002
was published
for
@materializecss/materialize
(npm)
Apr 9, 2019
Cross-Site Scripting in simple-markdown
Moderate
CVE-2019-9844
was published
for
simple-markdown
(npm)
Apr 9, 2019
Duplicate Advisory: Prototype Pollution in jquery
Moderate
CVE-2019-5428
was published
for
jquery
(RubyGems)
Apr 23, 2019
•
withdrawn
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Cross-Site Scripting in simditor
Moderate
CVE-2018-19048
was published
for
simditor
(npm)
May 14, 2019
Cross-Site Scripting in webpack-bundle-analyzer
Moderate
GHSA-pgr8-jg6h-8gw6
was published
for
webpack-bundle-analyzer
(npm)
May 23, 2019
mysql Node.JS Module Vulnerable to Remote Memory Exposure
Moderate
GHSA-5f7m-mmpc-qhh4
was published
for
mysql
(npm)
May 23, 2019
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
Cross-Site Scripting (XSS) in Verdaccio
Moderate
CVE-2019-14772
was published
for
verdaccio
(npm)
May 29, 2019
Cross-site Scripting in remarkable
Moderate
CVE-2019-12043
was published
for
remarkable
(npm)
May 29, 2019
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Remote Memory Exposure in floody
Moderate
GHSA-3p92-886g-qxpq
was published
for
floody
(npm)
Jun 4, 2019
ProTip!
Advisories are also available from the
GraphQL API