Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

259,814 advisories

Loading
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Regular Expression Denial of Service in braces Low
GHSA-g95f-p29q-9xw4 was published for braces (npm) Jun 6, 2019
Open Redirect in ecstatic Moderate
GHSA-x4rf-4mqf-cm8w was published for ecstatic (npm) Aug 19, 2020 withdrawn
Command Injection in wiki-plugin-datalog High
GHSA-pm52-wwrw-c282 was published for wiki-plugin-datalog (npm) Jun 13, 2019
Path Traversal in serve-here.js High
GHSA-g8m7-qhv7-9h5x was published for serve-here (npm) Jul 5, 2019
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Moderate
GHSA-69p9-9qm9-h447 was published for safer-eval (npm) Aug 19, 2020 withdrawn
Sensitive Data Exposure in sequelize-cli Low
GHSA-3xc7-xg67-pw99 was published for sequelize-cli (npm) Jun 5, 2019
Content injection in marked Moderate
GHSA-wjmf-58vc-xqjr was published for marked (npm) Feb 25, 2021 withdrawn
Out-of-bounds Read in npmconf Moderate
GHSA-57cf-349j-352g was published for npmconf (npm) Jun 12, 2019
Rate Limiting Bypass in express-brute Moderate
GHSA-984p-xq9m-4rjw was published for express-brute (npm) Jun 7, 2019
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Timing attack Low
GHSA-xm8r-5wh6-f46f was published for autobahn (pip) Feb 24, 2021 withdrawn
Remote Code Execution in node-os-utils High
GHSA-j9f8-8h89-j69x was published for node-os-utils (npm) Jun 11, 2019
Reverse Tabnapping in swagger-ui Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
Command Injection in dot Moderate
GHSA-4859-gpc7-4j66 was published for dot (npm) Jun 5, 2019
Out-of-bounds Read in byte Moderate
GHSA-xm7f-x4wx-wmgv was published for byte (npm) Jun 4, 2019
Cross-Site Scripting Moderate
GHSA-94ww-22rx-493x was published for flower (pip) Feb 24, 2021 withdrawn
Cross-Site Scripting in ids-enterprise High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) Jun 13, 2019
Denial of Service High
GHSA-j95h-wmx9-4279 was published for sails (npm) Feb 25, 2021 withdrawn
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
SQL Injection in sql Moderate
GHSA-8f93-rv4p-x4jw was published for sql (npm) Jun 12, 2019
Cross-Site Scripting via JSONP Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) Jun 27, 2019
Denial of Service in mem Moderate
GHSA-4xcv-9jjx-gfj3 was published for mem (npm) Jul 5, 2019
Cross-Site Scripting in @nuxt/devalue Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) Jul 16, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database