Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

972 advisories

Loading
SQL Injection in knex Critical
CVE-2019-10757 was published for knex (npm) Oct 21, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Critical
CVE-2019-10760 was published for safer-eval (npm) Oct 17, 2019
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
Sandbox Breakout in realms-shim Critical
GHSA-6jg8-7333-554w was published for realms-shim (npm) Oct 4, 2019
Command Injection in gitlabhook Critical
CVE-2019-5485 was published for gitlabhook (npm) Sep 16, 2019
Critical severity vulnerability that affects generator-jhipster Critical
GHSA-mwp6-j9wf-968c was published for generator-jhipster (npm) Sep 13, 2019 withdrawn
JLLeitschuh
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
Prototype Pollution in mixin-deep Critical
CVE-2019-10746 was published for mixin-deep (npm) Aug 27, 2019
Arbitrary Code Execution in eslint-utils Critical
CVE-2019-15657 was published for eslint-utils (npm) Aug 26, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople Critical
GHSA-4vmm-mhcq-4x9j was published for constantinople (npm) Jun 14, 2019
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Privilege Escalation in express-cart Critical
GHSA-3fc5-9x9m-vqc4 was published for express-cart (npm) Jun 3, 2019
Command Injection in command-exists Critical
GHSA-cff4-rrq6-h78w was published for command-exists (npm) Jun 3, 2019
tdunlap607
Code Injection in morgan Critical
CVE-2019-5413 was published for morgan (npm) Mar 25, 2019
Potential Command Injection in shell-quote Critical
CVE-2016-10541 was published for shell-quote (npm) Feb 18, 2019
Authentication Bypass in console-io Critical
CVE-2016-10532 was published for console-io (npm) Feb 18, 2019
Authentication Bypass in hapi-auth-jwt2 Critical
CVE-2016-10525 was published for hapi-auth-jwt2 (npm) Feb 18, 2019
Critical severity vulnerability that affects Haraka Critical
CVE-2016-1000282 was published for Haraka (npm) Feb 12, 2019
Prototype Pollution in node.extend Critical
CVE-2018-16491 was published for node.extend (npm) Feb 7, 2019
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database