GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,029
Maven
5,000+
npm
3,732
NuGet
662
pip
3,408
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
High severity vulnerability that affects electron
High
CVE-2016-1202
was published
for
electron
(npm)
Oct 24, 2017
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High
CVE-2018-1000136
was published
for
electron
(npm)
Mar 26, 2018
Regular Expression Denial of Service in parsejson
High
CVE-2017-16113
was published
for
parsejson
(npm)
Jul 24, 2018
Path Traversal in superstatic
High
GHSA-wm77-q74p-5763
was published
for
superstatic
(npm)
Jul 27, 2018
High severity vulnerability that affects uglify-js
High
GHSA-g6f4-j6c2-w3p3
was published
for
uglify-js
(npm)
Oct 9, 2018
•
withdrawn
High severity vulnerability that affects qs
High
GHSA-crvj-3gj9-gm2p
was published
for
qs
(npm)
Oct 9, 2018
•
withdrawn
selenium-binaries downloads resources over HTTP
High
CVE-2016-10589
was published
for
selenium-binaries
(npm)
Feb 18, 2019
Downloads Resources over HTTP in imageoptim
High
CVE-2016-10596
was published
for
imageoptim
(npm)
Feb 18, 2019
Authentication and extension bypass in Faye
High
CVE-2020-11020
was published
for
faye
(RubyGems)
Apr 29, 2020
Signature Malleabillity in elliptic
High
CVE-2020-13822
was published
for
elliptic
(npm)
Jul 29, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Remote code execution via the `pretty` option.
High
CVE-2021-21353
was published
for
pug
(npm)
Mar 3, 2021
Regular Expression Denial of Service (ReDoS)
High
CVE-2021-28092
was published
for
is-svg
(npm)
Mar 19, 2021
Denial of Service (DoS) in restify-paginate
High
CVE-2020-27543
was published
for
restify-paginate
(npm)
Apr 12, 2021
Denial of Service in get-ip-range
High
CVE-2021-27191
was published
for
get-ip-range
(npm)
Apr 13, 2021
Use of Potentially Dangerous Function in mixme
High
CVE-2021-29491
was published
for
mixme
(npm)
May 6, 2021
"Arbitrary code execution in socket.io-file"
High
CVE-2020-24807
was published
for
socket.io-file
(npm)
May 10, 2021
Uncontrolled Resource Consumption in trim-newlines
High
CVE-2021-33623
was published
for
trim-newlines
(npm)
Jun 7, 2021
Improper Handling of Unexpected Data Type in ced
High
CVE-2021-39131
was published
for
ced
(npm)
Aug 23, 2021
Improper Handling of Exceptional Conditions in detect-character-encoding
High
CVE-2021-39157
was published
for
detect-character-encoding
(npm)
Aug 25, 2021
Cross-Site Request Forgery in express-cart
High
CVE-2020-22403
was published
for
express-cart
(npm)
Aug 30, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding
High
CVE-2021-39176
was published
for
detect-character-encoding
(npm)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API