GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,873 advisories

Improper Privilege Management in devise_masquerade High
CVE-2021-28680 was published for devise_masquerade (RubyGems) Dec 8, 2021
Observable Discrepancy in Apache Kafka Moderate
CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) Sep 23, 2021
pavelarnost
Cross-Site Scripting in Qiita-Markdown Moderate
CVE-2021-28796 was published for qiita-markdown (RubyGems) Aug 2, 2021
Activerecord-session_store Vulnerable to Timing Attack Moderate
CVE-2019-25025 was published for activerecord-session_store (RubyGems) Mar 9, 2021
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
Improper Authentication in Apache ShenYu Admin Critical
CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) Nov 17, 2021
intrigus-lgtm
Directory Traversal in looppake High
CVE-2017-16169 was published for looppake (npm) Jul 23, 2018
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations Low
GHSA-58qw-p7qm-5rvh was published for org.eclipse.jetty:jetty-xml (Maven) Jul 10, 2023
uriyay-jfrog joakime
chadlwilson
Cross-site scripting in lazysizes Moderate
CVE-2020-7642 was published for lazysizes (npm) Dec 10, 2021
Prototype Pollution in js-data Critical
CVE-2020-28442 was published for js-data (npm) Feb 9, 2022
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
Prototype pollution in @tsed/core Moderate
CVE-2020-7748 was published for @tsed/core (npm) May 10, 2021
Directory Traversal in mfrserver High
CVE-2017-16213 was published for mfrserver (npm) Sep 1, 2020
Cross-site Scripting in markdown-it-highlightjs Moderate
CVE-2020-7773 was published for markdown-it-highlightjs (npm) Feb 10, 2022
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Command injection in node-ps Critical
CVE-2020-7785 was published for node-ps (npm) Mar 19, 2021
Denial of service in prismjs High
CVE-2021-23341 was published for prismjs (npm) Mar 1, 2021
Command Injection in ps-kill Critical
CVE-2021-23355 was published for ps-kill (npm) Mar 19, 2021
Directory Traversal in uv-tj-demo High
CVE-2017-16200 was published for uv-tj-demo (npm) Sep 1, 2020
Directory Traversal in chatbyvista High
CVE-2017-16177 was published for chatbyvista (npm) Sep 1, 2020
Nodesass is malware Moderate
CVE-2017-16080 was published for nodesass (npm) Sep 1, 2020
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
js-bson vulnerable to REDoS High
CVE-2018-13863 was published for bson (npm) Sep 17, 2018