Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10,764 advisories

Loading
Information Disclosure in TYPO3 extension sf_event_mgt Moderate
CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020
derhansen
Credited to derhansen
Prototype Pollution in smart-extend Moderate
GHSA-f8h3-rqrm-47v9 was published for smart-extend (npm) Sep 2, 2020
Sandbox Breakout / Arbitrary Code Execution in sandbox Moderate
GHSA-fm4j-4xhm-xpwx was published for sandbox (npm) Sep 2, 2020
Remote Memory Exposure in bl Moderate
CVE-2020-8244 was published for bl (npm) Sep 2, 2020
Out-of-bounds Read in base64url Moderate
GHSA-rvg8-pwq2-xj7q was published for base64url (npm) Sep 1, 2020
tdunlap607
Credited to tdunlap607
Remote Memory Exposure in openwhisk Moderate
GHSA-53mj-mc38-q894 was published for openwhisk (npm) Sep 1, 2020
Remote Memory Exposure in mongoose Moderate
GHSA-r5xw-q988-826m was published for mongoose (npm) Sep 1, 2020
mprpic
Credited to mprpic
Directory Traversal in featurebook Moderate
GHSA-7x92-2j68-h32c was published for featurebook (npm) Sep 1, 2020
cross-env.js is malware Moderate
CVE-2017-16081 was published for cross-env.js (npm) Sep 1, 2020
Nodesass is malware Moderate
CVE-2017-16080 was published for nodesass (npm) Sep 1, 2020
Tracking Module in botbait Moderate
CVE-2017-16126 was published for botbait (npm) Sep 1, 2020
Directory Traversal in dasafio Moderate
CVE-2017-16179 was published for dasafio (npm) Sep 1, 2020
Cross-Site Scripting in yui Moderate
CVE-2013-4939 was published for yui (npm) Sep 1, 2020
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
klaudialax
Credited to klaudialax
XSS via Angular Expression in ag-grid Moderate
CVE-2017-16009 was published for ag-grid (npm) Sep 1, 2020
Downloads Resources over HTTP in adamvr-geoip-lite Moderate
CVE-2016-10680 was published for adamvr-geoip-lite (npm) Sep 1, 2020
Cross-Site Scripting in gitbook Moderate
CVE-2017-16019 was published for gitbook (npm) Sep 1, 2020
Cross-Site Scripting in c3 Moderate
CVE-2016-1000240 was published for c3 (npm) Sep 1, 2020
tdunlap607
Credited to tdunlap607
Spoofing attack due to unvalidated KDC in node-krb5 Moderate
CVE-2016-1000238 was published for node-krb5 (npm) Sep 1, 2020
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Cross-Site Scripting in dojo Moderate
CVE-2008-6681 was published for dojo (npm) Sep 1, 2020
Template Injection in jsrender Moderate
CVE-2016-3942 was published for jsrender (npm) Sep 1, 2020
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
SQL Injection in mysql Moderate
CVE-2015-9244 was published for mysql (npm) Sep 1, 2020
Unsafe Merging of CORS Configuration Conflict in hapi Moderate
CVE-2015-9243 was published for hapi (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database