GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
974 advisories
Arbitrary Code Injection in reduce-css-calc
Critical • CVE-2016-10548 was published for reduce-css-calc (npm) on Jun 7, 2018

Arbitrary Code Injection in pouchdb
Critical • CVE-2016-10546 was published for pouchdb (npm) on Jul 26, 2018

Prototype Pollution in async merge-object
Critical • CVE-2018-3753 was published for merge-object (npm) on Sep 18, 2018

Critical severity vulnerability that affects generator-jhipster
Critical • GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm) on Sep 13, 2019 • withdrawn

Privilege Escalation due to Blind NoSQL Injection in flintcms
Critical • CVE-2018-3783 was published for flintcms (npm) on Aug 21, 2018

Denial of Service in https-proxy-agent
Critical • CVE-2018-3739 was published for https-proxy-agent (npm) on Jul 27, 2018

Prototype Pollution in merge-options
Critical • CVE-2018-3752 was published for merge-options (npm) on Oct 9, 2018

Command Injection in macaddress
Critical • CVE-2018-13797 was published for macaddress (npm) on Sep 6, 2018

Authentication Bypass in hapi-auth-jwt2
Critical • CVE-2016-10525 was published for hapi-auth-jwt2 (npm) on Feb 18, 2019

Critical severity vulnerability that affects Haraka
Critical • CVE-2016-1000282 was published for Haraka (npm) on Feb 12, 2019

Deserialization Code Execution in js-yaml
Critical • CVE-2013-4660 was published for js-yaml (npm) on Oct 24, 2017

Critical severity vulnerability that affects dns-sync
Critical • GHSA-wxvm-fh75-mpgr was published for dns-sync (npm) on Jul 26, 2018 • withdrawn

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
Critical • CVE-2018-9206 was published for blueimp-file-upload (npm) on Oct 22, 2018

False-positive validity for NFT1 genesis transactions in SLPJS
Critical • CVE-2020-15130 was published for slpjs (npm) on Jul 30, 2020

Cross-Site Scripting in swagger-ui
Critical • CVE-2016-5682 was published for swagger-ui (npm) on Sep 1, 2020

Potential Command Injection in hubot-scripts
Critical • CVE-2013-7378 was published for hubot-scripts (npm) on Aug 31, 2020

Authentication Bypass in console-io
Critical • CVE-2016-10532 was published for console-io (npm) on Feb 18, 2019

Sensitive Data Exposure in msrcrypto
Critical • CVE-2018-8319 was published for msrcrypto (npm) on Sep 10, 2018

Malicious Package in regenrator
Critical • GHSA-m5p4-7wf9-6w99 was published for regenrator (npm) on Sep 1, 2020

Malicious Package in dossier
Critical • GHSA-c8h6-89q2-mgv8 was published for dossier (npm) on Sep 1, 2020

Malicious Package in wepack-cli
Critical • GHSA-fpw3-x4xq-6vxq was published for wepack-cli (npm) on Sep 2, 2020

Malicious Package in commander-js
Critical • GHSA-2hqf-qqmq-pgpp was published for commander-js (npm) on Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API.