GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
117,957 advisories
Filter by severity
Denial of Service in protobufjs
Moderate
GHSA-4gpv-cvmq-6526
was published
for
protobufjs
(npm)
Aug 19, 2020
•
withdrawn
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
HTML tag injection
Moderate
GHSA-9vhv-p9r7-rm53
was published
for
serve-handler
(npm)
Feb 23, 2021
•
withdrawn
Denial of Service in js-yaml
Moderate
GHSA-2pr6-76vf-7546
was published
for
js-yaml
(npm)
Jun 5, 2019
Prototype Pollution in lutils-merge
Moderate
GHSA-f7qw-5pvg-mmwp
was published
for
lutils-merge
(npm)
Jun 13, 2019
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Regular Expression Denial of Service in underscore.string
Moderate
GHSA-v2p6-4mp7-3r9v
was published
for
underscore.string
(npm)
Jun 14, 2019
Regular Expression Denial of Service
Moderate
GHSA-qx4v-6gc5-f2vv
was published
for
esm
(npm)
Jun 20, 2019
Cross-Site Scripting in marked
Moderate
GHSA-8wp3-cp9v-44fm
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even...
Moderate
GHSA-32vw-r77c-gm67
was published
for
marked
(npm)
Aug 3, 2020
•
withdrawn
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Path Traversal in statics-server
Moderate
GHSA-74cp-qw7f-7hpw
was published
for
statics-server
(npm)
Jun 5, 2019
Denial of Service in url-relative
Moderate
GHSA-86p3-4gfq-38f2
was published
for
url-relative
(npm)
Jun 5, 2019
Regular Expression Denial of Service in highcharts
Moderate
GHSA-m45f-4828-5cv5
was published
for
highcharts
(npm)
Aug 19, 2020
•
withdrawn
Out-of-bounds Read in npmconf
Moderate
GHSA-57cf-349j-352g
was published
for
npmconf
(npm)
Jun 12, 2019
Open Redirect in ecstatic
Moderate
GHSA-x4rf-4mqf-cm8w
was published
for
ecstatic
(npm)
Aug 19, 2020
•
withdrawn
Content injection in marked
Moderate
GHSA-wjmf-58vc-xqjr
was published
for
marked
(npm)
Feb 25, 2021
•
withdrawn
Remote Memory Exposure in floody
Moderate
GHSA-3p92-886g-qxpq
was published
for
floody
(npm)
Jun 4, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Moderate
GHSA-69p9-9qm9-h447
was published
for
safer-eval
(npm)
Aug 19, 2020
•
withdrawn
Cross-Site Request Forgery (CSRF)
Moderate
GHSA-wj5j-xpcj-45gc
was published
for
devise_invitable
(RubyGems)
Feb 24, 2021
•
withdrawn
Rate Limiting Bypass in express-brute
Moderate
GHSA-984p-xq9m-4rjw
was published
for
express-brute
(npm)
Jun 7, 2019
ProTip!
Advisories are also available from the
GraphQL API