Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,459 advisories

Loading
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration High
CVE-2018-1000136 was published for electron (npm) Mar 26, 2018
Churro
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
pym.js CSRF Vulnerability High
CVE-2018-1000086 was published for pym.js (npm) Mar 13, 2018
Auth0-js bypasses CSRF checks High
CVE-2018-7307 was published for auth0-js (npm) Mar 7, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service High
CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) Mar 5, 2018
ejs vulnerable to DoS due to weak input validation High
CVE-2017-1000189 was published for ejs (npm) Mar 5, 2018
Regular Expression Denial of Service in moment High
CVE-2017-18214 was published for moment (npm) Mar 5, 2018
tdunlap607
ReDoS in brace-expansion High
CVE-2017-18077 was published for brace-expansion (npm) Jan 29, 2018
Directory traversal vulnerability in Next.js High
CVE-2018-6184 was published for next (npm) Jan 24, 2018
Remote Code Execution in electron High
CVE-2018-1000006 was published for electron (npm) Jan 23, 2018
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
Denial of Service in ecstatic High
CVE-2016-10703 was published for ecstatic (npm) Dec 28, 2017
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2 High
GHSA-7fpw-cfc4-3p2c was published for passport-wsfed-saml2 (npm) Dec 28, 2017 withdrawn
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
Denial-of-Service Memory Exhaustion in qs High
CVE-2014-7191 was published for qs (npm) Oct 24, 2017
Regular Expression Denial of Service in semver High
CVE-2015-8855 was published for semver (npm) Oct 24, 2017
Regular Expression Denial of Service in ms High
CVE-2015-8315 was published for ms (npm) Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi High
CVE-2014-3742 was published for hapi (npm) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database