Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

947 advisories

Server secret was included in static assets and served to clients Critical
GHSA-r587-7jh2-4qr3 was published for flood (npm) Aug 26, 2020
jesec
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople Critical
GHSA-4vmm-mhcq-4x9j was published for constantinople (npm) Jun 14, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Privilege Escalation in express-cart Critical
GHSA-3fc5-9x9m-vqc4 was published for express-cart (npm) Jun 3, 2019
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Command Injection in open Critical
GHSA-28xh-wpgr-7fm8 was published for open (npm) Jun 20, 2019
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
SQL Injection in sequelize Critical
CVE-2019-10748 was published for sequelize (npm) Nov 6, 2019
SQL Injection in sequelize Critical
CVE-2019-10749 was published for sequelize (npm) Nov 8, 2019
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Validation Bypass in slp-validate Critical
CVE-2019-16761 was published for slp-validate (npm) Nov 15, 2019
Arbitrary JavaScript Execution in bassmaster Critical
CVE-2014-7205 was published for bassmaster (npm) Oct 24, 2017
Sandbox Breakout in realms-shim Critical
GHSA-7cg8-pq9v-x98q was published for realms-shim (npm) Oct 21, 2019
Critical severity vulnerability that affects slpjs Critical
CVE-2019-16762 was published for slpjs (npm) Nov 15, 2019
Sandbox Breakout in realms-shim Critical
GHSA-6jg8-7333-554w was published for realms-shim (npm) Oct 4, 2019
Potential Command Injection in printer Critical
CVE-2014-3741 was published for printer (npm) Nov 28, 2017
Verification Bypass in jsonwebtoken Critical
CVE-2015-9235 was published for jsonwebtoken (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API