GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,723
Erlang: 29
GitHub Actions: 16
Go: 1,709
Maven: 4,946
npm: 3,474
NuGet: 605
pip: 2,999
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,475 advisories
Cross-Site Scripting in ids-enterprise
High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) on Jun 13, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h was published for angular (npm) on Jun 27, 2019
Cross-Site Scripting in @nuxt/devalue
Moderate
CVE-2019-13506 was published for @nuxt/devalue (npm) on Jul 16, 2019
Cross-Site Scripting in cyberchef
Moderate
CVE-2019-15532 was published for cyberchef (npm) on Aug 27, 2019
Cross-Site Scripting in keystone
Moderate
GHSA-h29r-4vqp-8jxf was published for keystone (npm) on Aug 20, 2020 (withdrawn)
Cross-Site Scripting in status-board
Moderate
CVE-2019-15478 was published for status-board (npm) on Sep 23, 2019
Undefined Behavior in sailsjs-cacheman
Low
GHSA-5w65-6875-rhq8 was published for sailsjs-cacheman (npm) on Sep 11, 2019
Cross-Site Scripting in iobroker.web
Moderate
CVE-2019-10771 was published for iobroker.web (npm) on Dec 2, 2019
Validation bypass is possible in Json Pattern Validator
Moderate
CVE-2019-19507 was published for jpv (npm) on Dec 4, 2019
Remote Code Execution in Angular Expressions
High
CVE-2020-5219 was published for angular-expressions (npm) on Jan 24, 2020
Path Traversal in algo-httpserv
High
GHSA-cgjv-rghq-qhgp was published for algo-httpserv (npm) on Sep 11, 2019
Denial of Service in rgb2hex
Moderate
GHSA-65p8-3hm4-h9h8 was published for rgb2hex (npm) on Aug 23, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154 was published for openpgp (npm) on Aug 23, 2019
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) on Aug 23, 2019
Cross-Site Scripting in selectize-plugin-a11y
Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) on Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API.