Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,474 advisories

Regular Expression Denial of Service Moderate
GHSA-6394-6h9h-cfjg was published for nwmatcher (npm) Jun 7, 2019
Path Traversal in localhost-now High
GHSA-73cw-jxmm-qpgh was published for localhost-now (npm) Jun 11, 2019
Insecure Default Configuration in redbird Moderate
GHSA-8948-ffc6-jg52 was published for redbird (npm) Jun 6, 2019
Path Traversal in m-server Moderate
GHSA-vc6r-4x6g-mmqc was published for m-server (npm) Jun 11, 2019
Withdrawn High
GHSA-p56r-jr4p-4wgh was published for whereis (npm) Aug 3, 2020 withdrawn
Withdrawn High
GHSA-wx84-69jh-jjp2 was published for sshpk (npm) Aug 3, 2020 withdrawn
Regular Expression Denial of Service Moderate
GHSA-7m7q-q53v-j47v was published for marked (npm) Feb 25, 2021 withdrawn
Missing Origin Validation in parcel-bundler Moderate
GHSA-5j4m-89xf-mf5p was published for parcel-bundler (npm) Aug 27, 2020 withdrawn
Denial of Service in canvas Moderate
GHSA-vpq5-4rc8-c222 was published for canvas (npm) Jun 5, 2019
Prototype Pollution in deap High
GHSA-xrmp-99wj-p6jc was published for deap (npm) May 31, 2019
Cross-Site Scripting in public Low
GHSA-7jfh-2xc9-ccv7 was published for public (npm) May 31, 2019
Cross-Site Scripting in bracket-template High
GHSA-jj6g-7j8p-7gf2 was published for bracket-template (npm) May 30, 2019
Authentication Weakness in keystone Moderate
GHSA-9xgp-hfw7-73rq was published for keystone (npm) Aug 19, 2020 withdrawn
Command Injection in dns-sync Moderate
GHSA-c6h2-mpc6-232h was published for dns-sync (npm) Aug 27, 2020 withdrawn
Out-of-bounds Read in concat-with-sourcemaps Moderate
GHSA-2xv3-h762-ccxv was published for concat-with-sourcemaps (npm) May 29, 2019
Directory Traversal High
GHSA-f6gj-7592-5jxm was published for node-simple-router (npm) Feb 23, 2021 withdrawn
Incorrect Authorization Moderate
GHSA-5hx7-77g4-wqx3 was published for aedes (npm) Feb 23, 2021 withdrawn
XSS Moderate
GHSA-qfmr-6qvh-49gm was published for knockout (npm) Feb 25, 2021 withdrawn
Cross-Site Scripting in shave Moderate
CVE-2019-12313 was published for shave (npm) May 29, 2019
Out-of-bounds Read in base64-url High
GHSA-j4mr-9xw3-c9jx was published for base64-url (npm) May 31, 2019
Cross-Site Scripting in react-svg High
GHSA-8xqr-4cpm-wx7g was published for react-svg (npm) May 31, 2019
Open Redirect in hekto Low
GHSA-c5j4-vw9m-xc95 was published for hekto (npm) Aug 27, 2020 withdrawn
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Denial of Service in foreman High
GHSA-xm28-fw2x-fqv2 was published for foreman (npm) May 31, 2019
Withdrawn Moderate
GHSA-chgg-rrmv-5q7x was published for jwt-simple (npm) Aug 3, 2020 withdrawn
ProTip! Advisories are also available from the GraphQL API