Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,046 advisories

Loading
Sandbox Breakout / Arbitrary Code Execution in static-eval Moderate
CVE-2017-16226 was published for static-eval (npm) Aug 6, 2018
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
Directory Traversal in elding Moderate
CVE-2017-16222 was published for elding (npm) Aug 6, 2018
coffescript is malware High
CVE-2017-16205 was published for coffescript (npm) Aug 6, 2018
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
coffe-script is malware High
CVE-2017-16203 was published for coffe-script (npm) Aug 6, 2018
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
Directory Traversal in ritp High
CVE-2017-16198 was published for ritp (npm) Aug 6, 2018
Moderate severity vulnerability that affects moment Moderate
GHSA-hxf5-mg84-pj4m was published for moment (npm) Jul 31, 2018 withdrawn
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
Moderate severity vulnerability that affects is-my-json-valid Moderate
GHSA-ccq6-3qx5-vmqx was published for is-my-json-valid (npm) Jul 31, 2018 withdrawn
Regular Expression Denial of Service in hawk High
CVE-2016-2515 was published for hawk (npm) Jul 31, 2018
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer High
CVE-2016-10697 was published for react-native-baidu-voice-synthesizer (npm) Jul 31, 2018
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
Downloads Resources over HTTP in haxeshim High
CVE-2016-10692 was published for haxeshim (npm) Jul 31, 2018
windows-seleniumjar downloads Resources over HTTP High
CVE-2016-10691 was published for windows-seleniumjar (npm) Jul 31, 2018
Command Injection in whereis Critical
CVE-2018-3772 was published for whereis (npm) Jul 31, 2018
Directory Traversal in serve Moderate
CVE-2018-3712 was published for serve (npm) Jul 27, 2018
tdunlap607
Arbitrary File Write in adm-zip Moderate
CVE-2018-1002204 was published for adm-zip (npm) Jul 27, 2018
Arbitrary File Write via Archive Extraction in unzipper Moderate
CVE-2018-1002203 was published for unzipper (npm) Jul 27, 2018
Path Traversal in superstatic High
GHSA-wm77-q74p-5763 was published for superstatic (npm) Jul 27, 2018
Macro in MathJax running untrusted Javascript within a web browser Moderate
CVE-2018-1999024 was published for mathjax (npm) Jul 27, 2018
bracket-template vulnerable to reflected XSS Moderate
CVE-2018-3735 was published for bracket-template (npm) Jul 27, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Path Traversal in mcstatic High
CVE-2018-3730 was published for mcstatic (npm) Jul 27, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database