GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
255,714 advisories
Filter by severity
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Cross-Site Scripting in bracket-template
High
GHSA-jj6g-7j8p-7gf2
was published
for
bracket-template
(npm)
May 30, 2019
Missing Origin Validation in parcel-bundler
Moderate
GHSA-5j4m-89xf-mf5p
was published
for
parcel-bundler
(npm)
Aug 27, 2020
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-7m7q-q53v-j47v
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-6394-6h9h-cfjg
was published
for
nwmatcher
(npm)
Jun 7, 2019
Command Injection in macaddress
High
GHSA-q9r2-f3vc-rjg8
was published
for
macaddress
(npm)
Aug 19, 2020
•
withdrawn
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Path Traversal in localhost-now
High
GHSA-73cw-jxmm-qpgh
was published
for
localhost-now
(npm)
Jun 11, 2019
Regular Expression Denial of Service in is-my-json-valid
Low
GHSA-4x7c-cx64-49w8
was published
for
is-my-json-valid
(npm)
Aug 19, 2020
•
withdrawn
Path Traversal in m-server
Moderate
GHSA-vc6r-4x6g-mmqc
was published
for
m-server
(npm)
Jun 11, 2019
Cross-Site Scripting in ids-enterprise
High
GHSA-49r3-3h96-rwj6
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Regular Expression Denial of Service
Moderate
GHSA-jcgq-xh2f-2hfm
was published
for
eslint
(npm)
Feb 25, 2021
•
withdrawn
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Critical
GHSA-4vmm-mhcq-4x9j
was published
for
constantinople
(npm)
Jun 14, 2019
Cross-Site Scripting in ids-enterprise
High
GHSA-hpfq-8wx8-cgqw
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Remote code execution in Handlebars.js
Moderate
GHSA-6r5x-hmgg-7h53
was published
for
handlebars
(npm)
Jul 15, 2019
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API