GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,743
Erlang: 35
GitHub Actions: 29
Go: 2,318
Maven: 5,000+
npm: 3,950
NuGet: 711
pip: 3,729
Pub: 12
RubyGems: 920
Rust: 965
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
280,388 advisories
Cross-Site Scripting in JSPWiki (Moderate): CVE-2019-10076 was published for org.apache.jspwiki:jspwiki-main (Maven), Jun 6, 2019
Insecure Credential Storage in web3 (Low): GHSA-27v7-qhfv-rqq8 was published for web3 (npm), May 30, 2019
Server-Side Request Forgery in terriajs-server (High): GHSA-p72p-rjr2-r439 was published for terriajs-server (npm), May 29, 2019
Cross-Site Scripting (Moderate): GHSA-57h7-r3q3-w57j was published for djangorestframework (pip), Feb 24, 2021 • withdrawn
Directory Traversal (High): GHSA-26hg-crh6-mjrw was published for list-n-stream (npm), Feb 23, 2021 • withdrawn
Path Traversal in angular-http-server (High): GHSA-vmhw-fhj6-m3g5 was published for angular-http-server (npm), May 31, 2019
XML external entity (XXE) vulnerability (High): GHSA-c8m9-mh38-97p9 was published for org.jpmml:pmml-model (Maven), Feb 24, 2021 • withdrawn
SQL Injection in waterline-sequel (High): GHSA-mpcx-8qqw-rmcq was published for waterline-sequel (npm), Aug 19, 2020 • withdrawn
rocksdb vulnerable to out-of-bounds read (Moderate): GHSA-xpp3-xrff-w6rh was published for rocksdb (Rust), Aug 12, 2022
Cross-Site Scripting in bootbox (Moderate): GHSA-87mg-h5r3-hw88 was published for bootbox (npm), May 30, 2019
Elliptic Curve Key Disclosure (High): GHSA-h6wq-jw7q-grxv was published for org.bitbucket.b_c:jose4j (Maven), Feb 24, 2021 • withdrawn
Reflected Cross-Site Scripting in jquery.terminal (Moderate): GHSA-2hwp-g4g7-mwwj was published for jquery.terminal (npm), May 29, 2019
Privilege escalation vulnerability in Apache Hadoop (High): CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven), May 31, 2019
Cross-Site Scripting in react-svg (High): GHSA-8xqr-4cpm-wx7g was published for react-svg (npm), May 31, 2019
Memory Exposure in tunnel-agent (Moderate): GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm), Jun 3, 2019
Out-of-bounds Read in base64-url (High): GHSA-j4mr-9xw3-c9jx was published for base64-url (npm), May 31, 2019
Open Redirect in hekto (Low): GHSA-c5j4-vw9m-xc95 was published for hekto (npm), Aug 27, 2020 • withdrawn
Incorrect Authorization (Moderate): GHSA-5hx7-77g4-wqx3 was published for aedes (npm), Feb 23, 2021 • withdrawn
Directory Traversal (High): GHSA-f6gj-7592-5jxm was published for node-simple-router (npm), Feb 23, 2021 • withdrawn
Authentication Weakness in keystone (Moderate): GHSA-9xgp-hfw7-73rq was published for keystone (npm), Aug 19, 2020 • withdrawn
Out-of-bounds Read in concat-with-sourcemaps (Moderate): GHSA-2xv3-h762-ccxv was published for concat-with-sourcemaps (npm), May 29, 2019
ProTip! Advisories are also available from the GraphQL API.