
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5,911 advisories

Duplicate Advisory: Command Injection in fs-git High
CVE-2017-16087 was published for fs-git (npm) May 29, 2019 withdrawn
Out-of-bounds Read in concat-with-sourcemaps Moderate
GHSA-2xv3-h762-ccxv was published for concat-with-sourcemaps (npm) May 29, 2019
Cross-Site Scripting in shave Moderate
CVE-2019-12313 was published for shave (npm) May 29, 2019
Cross-site Scripting in remarkable Moderate
CVE-2019-12043 was published for remarkable (npm) May 29, 2019
Credited to LeSuisse
Denial of Service in axios High
CVE-2019-10742 was published for axios (npm) May 29, 2019
Credited to tdunlap607
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
Credited to evilpacket
Cryptographically Weak PRNG in generate-password Moderate
GHSA-6qqf-vvcr-7qrv was published for generate-password (npm) May 23, 2019
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
Cross-Site Scripting in webpack-bundle-analyzer Moderate
GHSA-pgr8-jg6h-8gw6 was published for webpack-bundle-analyzer (npm) May 23, 2019
Credited to tdunlap607
Improper Input Validation and Buffer Over-read in mqtt-packet High
CVE-2019-5432 was published for mqtt-packet (npm) May 14, 2019
Cross-Site Scripting in simditor Moderate
CVE-2018-19048 was published for simditor (npm) May 14, 2019
Arbitrary File Overwrite in tar High
CVE-2018-20834 was published for tar (npm) May 1, 2019
Improper Input Validation in tar-fs High
CVE-2018-20835 was published for tar-fs (npm) May 1, 2019
Cross-site Scripting in NodeBB Moderate
CVE-2015-9286 was published for nodebb (npm) May 1, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
Credited to klaudialax, eoftedal, and Rudloff
Duplicate Advisory: Prototype Pollution in jquery Moderate
CVE-2019-5428 was published for jquery (RubyGems) Apr 23, 2019 withdrawn
Credited to kurt-r2c
SQL Injection in sequelize High
CVE-2019-11069 was published for sequelize (npm) Apr 11, 2019
Credited to tdunlap607
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in tooltip component Moderate
CVE-2019-11002 was published for @materializecss/materialize (npm) Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in autocomplete component Moderate
CVE-2019-11003 was published for @materializecss/materialize (npm) Apr 9, 2019
Credited to erik-krogh
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation Moderate
CVE-2019-11004 was published for @materializecss/materialize (npm) Apr 9, 2019
Credited to ajaymahadeven
Path Traversal in http-live-simulator High
CVE-2019-5423 was published for http-live-simulator (npm) Apr 8, 2019
Cross-Site Scripting in buttle High
CVE-2019-5422 was published for buttle (npm) Apr 8, 2019
Moderate severity vulnerability that affects total.js Moderate
CVE-2019-10260 was published for total.js (npm) Apr 2, 2019
Directory Traversal in serve High
CVE-2019-5417 was published for serve (npm) Mar 25, 2019
ProTip! Advisories are also available from the GraphQL API