GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,474 advisories
Filter by severity
Regular Expression Denial of Service in ms
High
CVE-2015-8315
was published
for
ms
(npm)
Oct 24, 2017
Regular Expression Denial of Service in uglify-js
High
CVE-2015-8858
was published
for
uglify-js
(npm)
Oct 24, 2017
Regular Expression Denial of Service in semver
High
CVE-2015-8855
was published
for
semver
(npm)
Oct 24, 2017
Denial-of-Service Memory Exhaustion in qs
High
CVE-2014-7191
was published
for
qs
(npm)
Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi
High
CVE-2014-3742
was published
for
hapi
(npm)
Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Deserialization Code Execution in js-yaml
Critical
CVE-2013-4660
was published
for
js-yaml
(npm)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
keycloak-connect and keycloak-js improperly handle invalid tokens
Critical
CVE-2017-7474
was published
for
keycloak-connect
(npm)
Nov 15, 2017
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15881
was published
for
keystone
(npm)
Nov 16, 2017
Potential Command Injection in codem-transcode
High
CVE-2013-7377
was published
for
codem-transcode
(npm)
Nov 28, 2017
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
ejs is vulnerable to remote code execution due to weak input validation
Critical
CVE-2017-1000228
was published
for
ejs
(npm)
Nov 30, 2017
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001003
was published
for
mathjs
(npm)
Dec 18, 2017
auth0-js Privilege Escalation Vulnerability
High
CVE-2017-17068
was published
for
auth0-js
(npm)
Dec 21, 2017
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
High
GHSA-7fpw-cfc4-3p2c
was published
for
passport-wsfed-saml2
(npm)
Dec 28, 2017
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API