GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
119,935 advisories
Filter by severity
Cross-Site Scripting in simditor
Moderate
CVE-2018-19048
was published
for
simditor
(npm)
May 14, 2019
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-Site Scripting
Moderate
GHSA-57h7-r3q3-w57j
was published
for
djangorestframework
(pip)
Feb 24, 2021
•
withdrawn
rocksdb vulnerable to out-of-bounds read
Moderate
GHSA-xpp3-xrff-w6rh
was published
for
rocksdb
(Rust)
Aug 12, 2022
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Incorrect Authorization
Moderate
GHSA-5hx7-77g4-wqx3
was published
for
aedes
(npm)
Feb 23, 2021
•
withdrawn
Missing Origin Validation in parcel-bundler
Moderate
GHSA-5j4m-89xf-mf5p
was published
for
parcel-bundler
(npm)
Aug 27, 2020
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-7m7q-q53v-j47v
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Regular Expression Denial of Service
Moderate
GHSA-6394-6h9h-cfjg
was published
for
nwmatcher
(npm)
Jun 7, 2019
Path Traversal in m-server
Moderate
GHSA-vc6r-4x6g-mmqc
was published
for
m-server
(npm)
Jun 11, 2019
Remote code execution in Handlebars.js
Moderate
GHSA-6r5x-hmgg-7h53
was published
for
handlebars
(npm)
Jul 15, 2019
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-jcgq-xh2f-2hfm
was published
for
eslint
(npm)
Feb 25, 2021
•
withdrawn
Denial of Service in protobufjs
Moderate
GHSA-4gpv-cvmq-6526
was published
for
protobufjs
(npm)
Aug 19, 2020
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API