Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,178 advisories

Loading
Sensitive Data Exposure in parse-server Moderate
CVE-2019-1020013 was published for parse-server (npm) Jul 11, 2019
fastrde acinader
VBScript Content Injection in marked Moderate
CVE-2015-1370 was published for marked (npm) Oct 24, 2017
Moderate severity vulnerability that affects marked Moderate
CVE-2017-17461 was published for marked (npm) Jan 4, 2018 withdrawn
Directory Traversal in bitty Moderate
CVE-2016-10561 was published for bitty (npm) Feb 18, 2019
Cross-Site Scripting in morris.js Moderate
CVE-2017-16022 was published for morris.js (npm) Nov 9, 2018
Cross-Site Scripting in serialize-javascript Moderate
CVE-2019-16769 was published for serialize-javascript (npm) Dec 5, 2019
Prototype Pollution in extend Moderate
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Cross-Site Scripting in @risingstack/protect Moderate
CVE-2018-1000160 was published for @risingstack/protect (npm) Apr 25, 2018
Downloads Resources over HTTP in arcanist Moderate
CVE-2016-10683 was published for arcanist (npm) Feb 18, 2019
Moderate severity vulnerability that affects ember Moderate
GHSA-vxp4-25qp-86qh was published for ember (npm) Oct 24, 2017 withdrawn
Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
Sensitive information exposure through logs in npm-registry-fetch Moderate
GHSA-jmqm-f2gx-4fjv was published for npm-registry-fetch (npm) Jul 7, 2020
Moderate severity vulnerability that affects send Moderate
GHSA-pgv6-jrvv-75jp was published for send (npm) Oct 9, 2018 withdrawn
Multiple XSS Filter Bypasses in validator Moderate
CVE-2013-7454 was published for validator (npm) Oct 24, 2017
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Moderate severity vulnerability that affects handlebars Moderate
GHSA-fmr4-7g9q-7hc7 was published for handlebars (npm) Oct 24, 2017 withdrawn
SQL Injection in sequelize Moderate
CVE-2016-10554 was published for sequelize (npm) Feb 18, 2019
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Storing Password in Local Storage Moderate
GHSA-wvh7-5p38-2qfc was published for parse (npm) Jul 23, 2020
dplewis pocketcolin
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
Command Injection in standard-version Moderate
GHSA-7xcx-6wjh-7xp2 was published for standard-version (npm) Jul 13, 2020
Log Forging in generator-jhipster-kotlin Moderate
CVE-2020-4072 was published for generator-jhipster-kotlin (npm) Jun 25, 2020
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database