Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,026 advisories

Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
Moderate severity vulnerability that affects is-my-json-valid Moderate
GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) Jul 31, 2018 withdrawn
Directory Traversal in serve Moderate
CVE-2018-3712 was published for serve (npm) Jul 27, 2018
tdunlap607
Arbitrary File Write in adm-zip Moderate
CVE-2018-1002204 was published for adm-zip (npm) Jul 27, 2018
Arbitrary File Write via Archive Extraction in unzipper Moderate
CVE-2018-1002203 was published for unzipper (npm) Jul 27, 2018
Macro in MathJax running untrusted Javascript within a web browser Moderate
CVE-2018-1999024 was published for mathjax (npm) Jul 27, 2018
bracket-template vulnerable to reflected XSS Moderate
CVE-2018-3735 was published for bracket-template (npm) Jul 27, 2018
Remote Code Execution in markdown-pdf Moderate
CVE-2018-3770 was published for markdown-pdf (npm) Jul 27, 2018
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (npm) Jul 26, 2018
Cross-Site Scripting in connect Moderate
CVE-2018-3717 was published for connect (npm) Jul 26, 2018
nitaiapiiro
Stored Cross-Site Scripting in simplehttpserver Moderate
CVE-2018-3716 was published for simplehttpserver (npm) Jul 26, 2018
Path Traversal in glance Moderate
CVE-2018-3715 was published for glance (npm) Jul 26, 2018
Path Traversal in node-srv Moderate
CVE-2018-3714 was published for node-srv (npm) Jul 26, 2018
Path Traversal in angular-http-server Moderate
CVE-2018-3713 was published for angular-http-server (npm) Jul 26, 2018
Regular Expression Denial of Service in slug Moderate
CVE-2017-16117 was published for slug (npm) Jul 24, 2018
G-Rath
Bypassing Sanitization using DOM clobbering in html-janitor Moderate
CVE-2017-0928 was published for html-janitor (npm) Jul 24, 2018
Regular Expression Denial Of Service in uri-js Moderate
CVE-2017-16021 was published for uri-js (npm) Jul 24, 2018
Cross-Site Scripting in i18next Moderate
CVE-2017-16010 was published for i18next (npm) Jul 24, 2018
sqlite.js is malware Moderate
CVE-2017-16050 was published for sqlite.js (npm) Jul 23, 2018
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
Open Redirect in hekto Moderate
CVE-2018-3743 was published for hekto (npm) Jul 18, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server Moderate
CVE-2018-3726 was published for crud-file-server (npm) Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Incorrect handling of CORS preflight request headers in hapi Moderate
CVE-2015-9236 was published for hapi (npm) Jun 7, 2018
Cross-Site Scripting in @ckeditor/ckeditor5-link Moderate
CVE-2018-11093 was published for @ckeditor/ckeditor5-link (npm) May 23, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API