Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

117,818 advisories

Loading
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (npm) Jul 19, 2019
mitchell-codecov
Prototype Pollution in upmerge Moderate
GHSA-gm9g-2g8v-fvxj was published for upmerge (npm) Jun 6, 2019
HTML tag injection Moderate
GHSA-9vhv-p9r7-rm53 was published for serve-handler (npm) Feb 23, 2021 withdrawn
Denial of Service in js-yaml Moderate
GHSA-2pr6-76vf-7546 was published for js-yaml (npm) Jun 5, 2019
Insecure Default Configuration in tesseract.js Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
Prototype Pollution in lutils-merge Moderate
GHSA-f7qw-5pvg-mmwp was published for lutils-merge (npm) Jun 13, 2019
Regular Expression Denial of Service in underscore.string Moderate
GHSA-v2p6-4mp7-3r9v was published for underscore.string (npm) Jun 14, 2019
Regular Expression Denial of Service Moderate
GHSA-qx4v-6gc5-f2vv was published for esm (npm) Jun 20, 2019
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Path Traversal in statics-server Moderate
GHSA-74cp-qw7f-7hpw was published for statics-server (npm) Jun 5, 2019
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Denial of Service in url-relative Moderate
GHSA-86p3-4gfq-38f2 was published for url-relative (npm) Jun 5, 2019
Regular Expression Denial of Service in highcharts Moderate
GHSA-m45f-4828-5cv5 was published for highcharts (npm) Aug 19, 2020 withdrawn
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even... Moderate
GHSA-32vw-r77c-gm67 was published for marked (npm) Aug 3, 2020 withdrawn
Cross-Site Scripting in marked Moderate
GHSA-8wp3-cp9v-44fm was published for marked (npm) Feb 25, 2021 withdrawn
Content injection in marked Moderate
GHSA-wjmf-58vc-xqjr was published for marked (npm) Feb 25, 2021 withdrawn
Open Redirect in ecstatic Moderate
GHSA-x4rf-4mqf-cm8w was published for ecstatic (npm) Aug 19, 2020 withdrawn
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval Moderate
GHSA-69p9-9qm9-h447 was published for safer-eval (npm) Aug 19, 2020 withdrawn
Out-of-bounds Read in npmconf Moderate
GHSA-57cf-349j-352g was published for npmconf (npm) Jun 12, 2019
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Reverse Tabnapping in swagger-ui Moderate
GHSA-x9p2-fxq6-2m5f was published for swagger-ui (npm) Jun 20, 2019
Command Injection in dot Moderate
GHSA-4859-gpc7-4j66 was published for dot (npm) Jun 5, 2019
Rate Limiting Bypass in express-brute Moderate
GHSA-984p-xq9m-4rjw was published for express-brute (npm) Jun 7, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database