GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
66 advisories
High severity vulnerability that affects electron
High • CVE-2016-1202 was published for electron (npm) • Oct 24, 2017

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High • CVE-2018-1000136 was published for electron (npm) • Mar 26, 2018

Regular Expression Denial of Service in parsejson
High • CVE-2017-16113 was published for parsejson (npm) • Jul 24, 2018

Path Traversal in superstatic
High • GHSA-wm77-q74p-5763 was published for superstatic (npm) • Jul 27, 2018

High severity vulnerability that affects uglify-js
High • GHSA-g6f4-j6c2-w3p3 was published for uglify-js (npm) • Oct 9, 2018 • withdrawn

High severity vulnerability that affects qs
High • GHSA-crvj-3gj9-gm2p was published for qs (npm) • Oct 9, 2018 • withdrawn

selenium-binaries downloads resources over HTTP
High • CVE-2016-10589 was published for selenium-binaries (npm) • Feb 18, 2019

Downloads Resources over HTTP in imageoptim
High • CVE-2016-10596 was published for imageoptim (npm) • Feb 18, 2019

Authentication and extension bypass in Faye
High • CVE-2020-11020 was published for faye (RubyGems) • Apr 29, 2020

Signature Malleability in elliptic
High • CVE-2020-13822 was published for elliptic (npm) • Jul 29, 2020

Missing TLS certificate verification
High • CVE-2020-15134 was published for faye (RubyGems) • Jul 31, 2020

Remote code execution via the `pretty` option.
High • CVE-2021-21353 was published for pug (npm) • Mar 3, 2021

Regular Expression Denial of Service (ReDoS)
High • CVE-2021-28092 was published for is-svg (npm) • Mar 19, 2021

Denial of Service (DoS) in restify-paginate
High • CVE-2020-27543 was published for restify-paginate (npm) • Apr 12, 2021

Denial of Service in get-ip-range
High • CVE-2021-27191 was published for get-ip-range (npm) • Apr 13, 2021

Use of Potentially Dangerous Function in mixme
High • CVE-2021-29491 was published for mixme (npm) • May 6, 2021

"Arbitrary code execution in socket.io-file"
High • CVE-2020-24807 was published for socket.io-file (npm) • May 10, 2021

Uncontrolled Resource Consumption in trim-newlines
High • CVE-2021-33623 was published for trim-newlines (npm) • Jun 7, 2021

Improper Handling of Unexpected Data Type in ced
High • CVE-2021-39131 was published for ced (npm) • Aug 23, 2021

Improper Handling of Exceptional Conditions in detect-character-encoding
High • CVE-2021-39157 was published for detect-character-encoding (npm) • Aug 25, 2021

Cross-Site Request Forgery in express-cart
High • CVE-2020-22403 was published for express-cart (npm) • Aug 30, 2021

Missing Release of Memory after Effective Lifetime in detect-character-encoding
High • CVE-2021-39176 was published for detect-character-encoding (npm) • Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API