GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,984
Erlang: 29
GitHub Actions: 16
Go: 1,771
Maven: 4,995
npm: 3,541
NuGet: 617
pip: 3,117
Pub: 10
RubyGems: 838
Rust: 788
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,051 advisories
Validation Bypass in paypal-ipn [Moderate]: CVE-2014-10067 was published for paypal-ipn (npm), Aug 31, 2020
CSRF Vulnerability in jquery-ujs [Moderate]: GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm), Aug 31, 2020
Sandbox Breakout / Arbitrary Code Execution in sandbox [Moderate]: GHSA-fm4j-4xhm-xpwx was published for sandbox (npm), Sep 2, 2020
HTML Injection in marky-markdown [Moderate]: GHSA-pxmp-fwjc-4x7q was published for marky-markdown (npm), Sep 3, 2020
Local File Inclusion in domokeeper [Moderate]: GHSA-cr67-78jr-j94p was published for domokeeper (npm), Sep 3, 2020
Cross-Site Scripting in swagger-ui [Moderate]: GHSA-22q9-hqm5-mhmc was published for swagger-ui (npm), Sep 11, 2020
Prototype Pollution in mergify [Moderate]: GHSA-3f95-w5h5-fq86 was published for mergify (npm), Sep 11, 2020
Web Cache Poisoning in find-my-way [Moderate]: CVE-2020-7764 was published for find-my-way (npm), Nov 9, 2020
Configuration Override in helmet-csp [Moderate]: GHSA-c3m8-x3cg-qm2c was published for helmet-csp (npm), Sep 3, 2020
Unintended Require in larvitbase-www [Moderate]: GHSA-88h9-fc6v-jcw7 was published for larvitbase-www (npm), Sep 3, 2020
Prototype Pollution in systeminformation [Moderate]: CVE-2020-26245 was published for systeminformation (npm), Nov 27, 2020
ReDOS vulnerabilities: multiple grammars [Moderate]: GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm), Dec 4, 2020
Potential XSS in jQuery dependency in Mirador [Moderate]: GHSA-hgwm-pv9h-q5m7 was published for mirador (npm), Sep 18, 2020
Cross-Site Scripting in mavon-editor [Moderate]: GHSA-jfcc-rm7f-xgf8 was published for mavon-editor (npm), Sep 3, 2020
Outdated Static Dependency in vue-moment [Moderate]: GHSA-hrpp-f84w-xhfg was published for vue-moment (npm), Sep 4, 2020
Signatures are mistakenly recognized to be valid in jsrsasign [Moderate]: GHSA-h87q-g2wp-47pj was published for jsrsasign (npm), Feb 9, 2022
Out-of-Bounds read in stringstream [Moderate]: GHSA-qpw2-xchm-655q was published for stringstream (npm), Jan 6, 2022 • withdrawn
OS Command Injection in node-notifier [Moderate]: CVE-2020-7789 was published for node-notifier (npm), Dec 21, 2020
Verification flaw in Solid identity-token-verifier [Moderate]: GHSA-xmh9-rg6f-j3mr was published for @solid/identity-token-verifier (npm), Mar 12, 2021
File upload local preview can run embedded scripts after user interaction [Moderate]: GHSA-8796-gc9j-63rv was published for matrix-react-sdk (npm), May 17, 2021
Denial of Service in node-static [Moderate]: GHSA-8r4g-cg4m-x23c was published for node-static (npm), Sep 22, 2021
ProTip! Advisories are also available from the GraphQL API.