Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,032
Erlang
29
GitHub Actions
18
Go
1,838
Maven
5,000+
npm
3,577
NuGet
634
pip
3,162
Pub
10
RubyGems
849
Rust
800
Swift
34
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Moderate severity vulnerability that affects validator Moderate
GHSA-9959-c6q6-6qp3 was published for validator (npm) Oct 24, 2017 withdrawn
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
No Charset in Content-Type Header in express Moderate
CVE-2014-6393 was published for express (npm) Oct 23, 2018
XSS Filter Bypass via Encoded URL in validator Moderate
CVE-2014-9772 was published for validator (npm) Nov 6, 2018
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Rosetta-Flash JSONP Vulnerability in hapi Moderate
CVE-2014-4671 was published for hapi (npm) Aug 31, 2020
tdunlap607
Hidden Directories Always Served in inert Moderate
CVE-2014-10068 was published for inert (npm) Aug 31, 2020
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
Directory Traversal in nhouston Moderate
CVE-2014-8883 was published for nhouston (npm) Aug 31, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Regular Expression Denial of Service in bleach Moderate
CVE-2014-8881 was published for bleach (npm) Sep 1, 2020
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware Moderate
CVE-2013-7371 was published for connect (npm) May 5, 2022
Cross Site Scripting in evershop Moderate
CVE-2023-46494 was published for @evershop/evershop (npm) Dec 8, 2023
ProTip! Advisories are also available from the GraphQL API