GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories:
All unreviewed: 5,000+

960 advisories

Remote Code Execution Vulnerability in NPM mongo-express
Critical. CVE-2019-10758 was published for mongo-express (npm) on Dec 30, 2019.

Prototype Pollution in handlebars
Critical. CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) on Dec 26, 2019.

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical. CVE-2019-10769 was published for safer-eval (npm) on Dec 11, 2019.

Strapi allows unauthenticated attacker to reset admin password without valid reset token
Critical. CVE-2019-18818 was published for strapi (npm) on Dec 2, 2019.

Critical severity vulnerability that affects slpjs
Critical. CVE-2019-16762 was published for slpjs (npm) on Nov 15, 2019.

Validation Bypass in slp-validate
Critical. CVE-2019-16761 was published for slp-validate (npm) on Nov 15, 2019.

Improper Input Validation in Automattic Mongoose
Critical. CVE-2019-17426 was published for mongoose (npm) on Oct 22, 2019.

Sandbox Breakout in realms-shim
Critical. GHSA-7cg8-pq9v-x98q was published for realms-shim (npm) on Oct 21, 2019.

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical. CVE-2019-10759 was published for safer-eval (npm) on Oct 21, 2019.

Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical. CVE-2019-10760 was published for safer-eval (npm) on Oct 17, 2019.

Cross-site scripting in Swagger-UI
Critical. CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) on Oct 15, 2019.

Sandbox Breakout in realms-shim
Critical. GHSA-6jg8-7333-554w was published for realms-shim (npm) on Oct 4, 2019.

Command Injection in gitlabhook
Critical. CVE-2019-5485 was published for gitlabhook (npm) on Sep 16, 2019.

Critical severity vulnerability that affects generator-jhipster
Critical. GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm) on Sep 13, 2019 (withdrawn).

Prototype Pollution in set-value
Critical. CVE-2019-10747 was published for set-value (npm) on Aug 27, 2019.

Prototype Pollution in mixin-deep
Critical. CVE-2019-10746 was published for mixin-deep (npm) on Aug 27, 2019.

Arbitrary Code Execution in eslint-utils
Critical. CVE-2019-15657 was published for eslint-utils (npm) on Aug 26, 2019.

Identity Spoofing in libp2p-secio
Critical. GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) on Aug 23, 2019.

ProTip! Advisories are also available from the GraphQL API.