GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,723
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,475 advisories
Filter by severity
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Cross-Site Scripting in react-svg
High
GHSA-8xqr-4cpm-wx7g
was published
for
react-svg
(npm)
May 31, 2019
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Directory Traversal
High
GHSA-f6gj-7592-5jxm
was published
for
node-simple-router
(npm)
Feb 23, 2021
•
withdrawn
Incorrect Authorization
Moderate
GHSA-5hx7-77g4-wqx3
was published
for
aedes
(npm)
Feb 23, 2021
•
withdrawn
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Cross-Site Scripting in bracket-template
High
GHSA-jj6g-7j8p-7gf2
was published
for
bracket-template
(npm)
May 30, 2019
Regular Expression Denial of Service
Moderate
GHSA-7m7q-q53v-j47v
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Missing Origin Validation in parcel-bundler
Moderate
GHSA-5j4m-89xf-mf5p
was published
for
parcel-bundler
(npm)
Aug 27, 2020
•
withdrawn
Regular Expression Denial of Service
Moderate
GHSA-6394-6h9h-cfjg
was published
for
nwmatcher
(npm)
Jun 7, 2019
Path Traversal in localhost-now
High
GHSA-73cw-jxmm-qpgh
was published
for
localhost-now
(npm)
Jun 11, 2019
Insecure Default Configuration in redbird
Moderate
GHSA-8948-ffc6-jg52
was published
for
redbird
(npm)
Jun 6, 2019
Path Traversal in m-server
Moderate
GHSA-vc6r-4x6g-mmqc
was published
for
m-server
(npm)
Jun 11, 2019
ProTip!
Advisories are also available from the
GraphQL API