GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,078 advisories

Ghost vulnerable to remote code execution in locale setting change Moderate
GHSA-7v28-g2pq-ggg8 was published for ghost (npm) Jun 17, 2022
Credited to devx00
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
Credited to adenkiewicz
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
Arbitrary File Write in iobroker.js-controller High
CVE-2019-10767 was published for iobroker.js-controller (npm) Dec 2, 2019
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Downloads Resources over HTTP in operadriver High
CVE-2016-10565 was published for operadriver (npm) Feb 18, 2019
Downloads Resources over HTTP in haxeshim High
CVE-2016-10692 was published for haxeshim (npm) Jul 31, 2018
Directory traversal vulnerability in Next.js High
CVE-2018-6184 was published for next (npm) Jan 24, 2018
Downloads Resources over HTTP in imageoptim High
CVE-2016-10596 was published for imageoptim (npm) Feb 18, 2019
Downloads Resources over HTTP in apk-parser High
CVE-2016-10564 was published for apk-parser (npm) Sep 1, 2020
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7451 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
Forgeable Public/Private Tokens in jwt-simple Critical
CVE-2016-10555 was published for jwt-simple (npm) Nov 6, 2018
Arbitrary Code Execution in mathjs Critical
CVE-2017-1001002 was published for mathjs (npm) Dec 18, 2017
Cross-Site Request Forgery (CSRF) in Auth0 High
CVE-2018-6874 was published for auth0-js (npm) Nov 6, 2018
Incorrect version tags linked to external repository Critical
GHSA-593v-wcqx-hq2w was published for parse-server (npm) Sep 7, 2021
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior Moderate
GHSA-m6w8-fq7v-ph4m was published for @openzeppelin/contracts (npm) Jan 13, 2022
Credited to GeraldHost
Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
Execution with Unnecessary Privileges in arc-electron High
GHSA-v3wr-67px-44xg was published for @advanced-rest-client/base (npm) Mar 3, 2022
Hidden functionality in node-ipc Low
GHSA-8gr3-2gjw-jj7g was published for node-ipc (npm) Mar 16, 2022
Inconsistent storage layout for ERC2771ContextUpgradeable Low
GHSA-7j52-6fjp-58gr was published for @openzeppelin/contracts-upgradeable (npm) Mar 14, 2022
Removal of functional code in faker.js High
GHSA-5w9c-rv96-fr7g was published for faker (npm) Mar 22, 2022
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
Credited to yetingli and G-Rath
Marked ReDoS due to email addresses being evaluated in quadratic time Moderate
GHSA-xf5p-87ch-gxw2 was published for marked (npm) Jun 5, 2019
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file Moderate
CVE-2016-10526 was published for grunt-gh-pages (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API