Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,712 advisories

Loading
Path Traversal in servey Moderate
GHSA-rv49-54qp-fw42 was published for servey (npm) Jun 6, 2019
SQL Injection in typeorm High
GHSA-w7q7-vjp8-7jv4 was published for typeorm (npm) Jun 6, 2019
Regular Expression Denial of Service Moderate
GHSA-6394-6h9h-cfjg was published for nwmatcher (npm) Jun 7, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-hpfq-8wx8-cgqw was published for ids-enterprise (npm) Jun 13, 2019
Remote code execution in Handlebars.js Moderate
GHSA-6r5x-hmgg-7h53 was published for handlebars (npm) Jul 15, 2019 withdrawn
Regular Expression Denial of Service Moderate
GHSA-jcgq-xh2f-2hfm was published for eslint (npm) Feb 25, 2021 withdrawn
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople Critical
GHSA-4vmm-mhcq-4x9j was published for constantinople (npm) Jun 14, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-49r3-3h96-rwj6 was published for ids-enterprise (npm) Jun 13, 2019
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (npm) Jul 19, 2019
mitchell-codecov
Denial of Service in protobufjs Moderate
GHSA-4gpv-cvmq-6526 was published for protobufjs (npm) Aug 19, 2020 withdrawn
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Privilege Escalation in express-cart Critical
GHSA-3fc5-9x9m-vqc4 was published for express-cart (npm) Jun 3, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Prototype Pollution in upmerge Moderate
GHSA-gm9g-2g8v-fvxj was published for upmerge (npm) Jun 6, 2019
Command Injection in opencv Low
GHSA-f698-m2v9-5fh3 was published for opencv (npm) Jun 4, 2019
Insecure Default Configuration in tesseract.js Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
Prototype Pollution in @apollo/gateway High
GHSA-74cr-77xc-8g6r was published for @apollo/gateway (npm) Jun 13, 2019
HTML tag injection Moderate
GHSA-9vhv-p9r7-rm53 was published for serve-handler (npm) Feb 23, 2021 withdrawn
Denial of Service in js-yaml Moderate
GHSA-2pr6-76vf-7546 was published for js-yaml (npm) Jun 5, 2019
NoSQL Injection in loopback-connector-mongodb High
GHSA-m734-r4g6-34f9 was published for loopback-connector-mongodb (npm) Jun 4, 2019
Prototype Pollution in lutils-merge Moderate
GHSA-f7qw-5pvg-mmwp was published for lutils-merge (npm) Jun 13, 2019
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
Arbitrary Code Injection in mobile-icon-resizer Moderate
GHSA-mxjr-xmcg-fg7w was published for mobile-icon-resizer (npm) Jun 27, 2019
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
Regular Expression Denial of Service in underscore.string Moderate
GHSA-v2p6-4mp7-3r9v was published for underscore.string (npm) Jun 14, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database