GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
259,551 advisories
Filter by severity
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Cross-Site Scripting in bracket-template
High
GHSA-jj6g-7j8p-7gf2
was published
for
bracket-template
(npm)
May 30, 2019
Regular Expression Denial of Service
Moderate
GHSA-7m7q-q53v-j47v
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Missing Origin Validation in parcel-bundler
Moderate
GHSA-5j4m-89xf-mf5p
was published
for
parcel-bundler
(npm)
Aug 27, 2020
•
withdrawn
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Regular Expression Denial of Service
Moderate
GHSA-6394-6h9h-cfjg
was published
for
nwmatcher
(npm)
Jun 7, 2019
Path Traversal in m-server
Moderate
GHSA-vc6r-4x6g-mmqc
was published
for
m-server
(npm)
Jun 11, 2019
Path Traversal in localhost-now
High
GHSA-73cw-jxmm-qpgh
was published
for
localhost-now
(npm)
Jun 11, 2019
Regular Expression Denial of Service in is-my-json-valid
Low
GHSA-4x7c-cx64-49w8
was published
for
is-my-json-valid
(npm)
Aug 19, 2020
•
withdrawn
Command Injection in macaddress
High
GHSA-q9r2-f3vc-rjg8
was published
for
macaddress
(npm)
Aug 19, 2020
•
withdrawn
Remote code execution in Handlebars.js
Moderate
GHSA-6r5x-hmgg-7h53
was published
for
handlebars
(npm)
Jul 15, 2019
•
withdrawn
Cross-Site Scripting in ids-enterprise
High
GHSA-49r3-3h96-rwj6
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Cross-Site Scripting in ids-enterprise
High
GHSA-hpfq-8wx8-cgqw
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Regular Expression Denial of Service
Moderate
GHSA-jcgq-xh2f-2hfm
was published
for
eslint
(npm)
Feb 25, 2021
•
withdrawn
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Critical
GHSA-4vmm-mhcq-4x9j
was published
for
constantinople
(npm)
Jun 14, 2019
Privilege Escalation in express-cart
Critical
GHSA-3fc5-9x9m-vqc4
was published
for
express-cart
(npm)
Jun 3, 2019
ProTip!
Advisories are also available from the
GraphQL API