GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
143 advisories
Insecure Default Configuration in redbird
Moderate · GHSA-8948-ffc6-jg52 was published for redbird (npm) · Jun 6, 2019

Validation Bypass in slp-validate
Critical · CVE-2019-16761 was published for slp-validate (npm) · Nov 15, 2019

Prototype Pollution Protection Bypass in qs
High · CVE-2017-1000048 was published for qs (npm) · Apr 30, 2020

Critical severity vulnerability that affects slpjs
Critical · CVE-2019-16762 was published for slpjs (npm) · Nov 15, 2019

AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High · CVE-2018-7560 was published for aws-lambda-multipart-parser (npm) · Mar 5, 2018

Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate · CVE-2018-1000023 was published for insight-api (npm) · Mar 5, 2018

Verification Bypass in jsonwebtoken
Critical · CVE-2015-9235 was published for jsonwebtoken (npm) · Oct 9, 2018

Keystone is vulnerable to CSV injection
High · CVE-2017-15879 was published for keystone (npm) · Nov 16, 2017

Missing Origin Validation in webpack-dev-server
High · CVE-2018-14732 was published for webpack-dev-server (npm) · Jan 4, 2019

Prototype Pollution in async merge-object
Critical · CVE-2018-3753 was published for merge-object (npm) · Sep 18, 2018

Prototype Pollution in merge-options
Critical · CVE-2018-3752 was published for merge-options (npm) · Oct 9, 2018

Deserialization Code Execution in js-yaml
Critical · CVE-2013-4660 was published for js-yaml (npm) · Oct 24, 2017

Forgeable Public/Private Tokens in jwt-simple
Critical · CVE-2016-10555 was published for jwt-simple (npm) · Nov 6, 2018

Remote Code Execution in pi_video_recording
High · GHSA-9wjh-jr2j-6r4x was published for pi_video_recording (npm) · Sep 2, 2020

User Impersonation in converse.js
Moderate · CVE-2017-5858 was published for converse.js (npm) · Sep 11, 2020

Remote Code Execution in office-converter
High · GHSA-9p64-h5q4-phpm was published for office-converter (npm) · Sep 2, 2020

File restriction bypass in socket.io-file
High · GHSA-6495-8jvh-f28x was published for socket.io-file (npm) · Oct 2, 2020

Remote Code Execution in pomelo-monitor
High · GHSA-m5ch-gx8g-rg73 was published for pomelo-monitor (npm) · Sep 2, 2020

ReDOS vulnerabities: multiple grammars
Moderate · GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) · Dec 4, 2020

Remote Code Execution in npm-groovy-lint
Critical · GHSA-qc22-qwm9-j8rx was published for npm-groovy-lint (npm) · Dec 20, 2021

gatsby-transformer-remark has possible unsanitized JavaScript code injection
High · CVE-2023-22491 was published for gatsby-transformer-remark (npm) · Jan 11, 2023

Improper Input Validation in url-js
Moderate · CVE-2022-25839 was published for url-js (npm) · Mar 12, 2022

Regular Expression Denial-of-Service in npm schema-inspector
High · CVE-2021-21267 was published for schema-inspector (npm) · Mar 19, 2021

ProTip! Advisories are also available from the GraphQL API.