GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,770
Maven
4,994
npm
3,540
NuGet
617
pip
3,117
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
Directory Traversal in nhouston
Moderate
CVE-2014-8883
was published
for
nhouston
(npm)
Aug 31, 2020
Cross-Site Scripting in swagger-ui
Moderate
GHSA-388g-jwpg-x6j4
was published
for
swagger-ui
(npm)
Sep 11, 2020
Open Redirect in apostrophe
Moderate
GHSA-h97g-4mx7-5p2p
was published
for
apostrophe
(npm)
Sep 3, 2020
Cross-Site Scripting in swagger-ui
Moderate
GHSA-vp93-gcx5-4w52
was published
for
swagger-ui
(npm)
Sep 11, 2020
Cross-Site Scripting in serve
Moderate
GHSA-cpgr-wmr9-qxv4
was published
for
serve
(npm)
Sep 11, 2020
User Impersonation in converse.js
Moderate
CVE-2017-5858
was published
for
converse.js
(npm)
Sep 11, 2020
Cross-Site Scripting in swagger-ui
Moderate
GHSA-w992-2gmj-9xxj
was published
for
swagger-ui
(npm)
Sep 11, 2020
Sensitive Data Exposure in ibm_db
Moderate
GHSA-p77h-hv6g-fmfp
was published
for
ibm_db
(npm)
Sep 3, 2020
Authentication Bypass in saml2-js
Moderate
GHSA-mfcp-34xw-p57x
was published
for
saml2-js
(npm)
Sep 3, 2020
Denial of Service in handlebars
Moderate
GHSA-f52g-6jhx-586p
was published
for
handlebars
(npm)
Sep 3, 2020
Sandbox Breakout / Prototype Pollution in notevil
Moderate
GHSA-9gxr-rhx6-4jgv
was published
for
notevil
(npm)
Sep 4, 2020
Lack of URL normalization may lead to authorization bypass when URL access rules are used
Moderate
CVE-2020-24660
was published
for
lemonldap-ng-handler
(npm)
Sep 9, 2020
Buffer Overflow in node-weakauras-parser
Moderate
GHSA-86mr-6m89-vgj3
was published
for
node-weakauras-parser
(npm)
Sep 3, 2020
Prototype Pollution in smart-extend
Moderate
GHSA-f8h3-rqrm-47v9
was published
for
smart-extend
(npm)
Sep 2, 2020
Sandbox Breakout / Arbitrary Code Execution in value-censorship
Moderate
GHSA-xrr6-6ww3-f3qm
was published
for
value-censorship
(npm)
Sep 2, 2020
Cross-Site Scripting in harp
Moderate
GHSA-cx7r-634m-2q2h
was published
for
harp
(npm)
Sep 2, 2020
•
withdrawn
Cross-Site Scripting in buttle
Moderate
GHSA-pqpp-2363-649v
was published
for
buttle
(npm)
Sep 2, 2020
Unauthorized File Access in glance
Moderate
GHSA-vw7g-jq9m-3q9v
was published
for
glance
(npm)
Sep 2, 2020
Cross-Site Scripting in diagram-js-direct-editing
Moderate
GHSA-j8r2-2x94-2q67
was published
for
diagram-js-direct-editing
(npm)
Sep 11, 2020
Command Injection Vulnerability in systeminformation
Moderate
CVE-2020-26274
was published
for
systeminformation
(npm)
Dec 16, 2020
Command Injection in wizard-syncronizer
Moderate
GHSA-wgw3-gf4p-62xc
was published
for
wizard-syncronizer
(npm)
Sep 11, 2020
Command injection in codecov (npm package)
Moderate
CVE-2020-15123
was published
for
codecov
(npm)
Jul 20, 2020
Remote Memory Disclosure in bittorrent-dht
Moderate
CVE-2016-10519
was published
for
bittorrent-dht
(npm)
Sep 1, 2020
ProTip!
Advisories are also available from the
GraphQL API