GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
66 advisories
Filter by severity
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
ejs vulnerable to DoS due to weak input validation
High
CVE-2017-1000189
was published
for
ejs
(npm)
Mar 5, 2018
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
High
CVE-2018-7560
was published
for
aws-lambda-multipart-parser
(npm)
Mar 5, 2018
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
High
CVE-2018-1000136
was published
for
electron
(npm)
Mar 26, 2018
Prototype Pollution in mixin-deep
High
CVE-2018-3719
was published
for
mixin-deep
(npm)
Jul 26, 2018
Prototype Pollution in cached-path-relative
High
CVE-2018-16472
was published
for
cached-path-relative
(npm)
Nov 7, 2018
Header Forgery in http-signature
High
CVE-2017-16005
was published
for
http-signature
(npm)
Nov 9, 2018
Missing Origin Validation in webpack-dev-server
High
CVE-2018-14732
was published
for
webpack-dev-server
(npm)
Jan 4, 2019
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
Regular Expression Denial of Service in csv-parse
High
CVE-2019-17592
was published
for
csv-parse
(npm)
Oct 15, 2019
TaffyDB can allow access to any data items in the DB
High
CVE-2019-10790
was published
for
taffy
(npm)
Feb 19, 2020
Prototype Pollution Protection Bypass in qs
High
CVE-2017-1000048
was published
for
qs
(npm)
Apr 30, 2020
Improper Input Validation in sails-hook-sockets
High
CVE-2018-21036
was published
for
sails-hook-sockets
(npm)
Jul 24, 2020
Remote Code Execution in pomelo-monitor
High
GHSA-m5ch-gx8g-rg73
was published
for
pomelo-monitor
(npm)
Sep 2, 2020
Remote Code Execution in office-converter
High
GHSA-9p64-h5q4-phpm
was published
for
office-converter
(npm)
Sep 2, 2020
Remote Code Execution in pi_video_recording
High
GHSA-9wjh-jr2j-6r4x
was published
for
pi_video_recording
(npm)
Sep 2, 2020
File restriction bypass in socket.io-file
High
GHSA-6495-8jvh-f28x
was published
for
socket.io-file
(npm)
Oct 2, 2020
Prototype pollution in object-path
High
CVE-2020-15256
was published
for
object-path
(npm)
Oct 19, 2020
ProTip!
Advisories are also available from the
GraphQL API