Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,031 advisories

Loading
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Sandbox bypass in constantinople Moderate
GHSA-hg7c-66ff-9q8g was published for constantinople (npm) Jul 31, 2020 withdrawn
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
OS Command Injection in devcert-sanscache Critical
CVE-2019-10778 was published for devcert-sanscache (npm) Apr 14, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
Command Injection in hot-formula-parser Critical
CVE-2020-6836 was published for hot-formula-parser (npm) May 6, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
curlrequest allows execution of arbitrary commands Critical
CVE-2020-7646 was published for curlrequest (npm) May 13, 2020
OS command injection in git-diff-apply Critical
CVE-2019-10776 was published for git-diff-apply (npm) Feb 14, 2020
OS command injection in aws-lambda Critical
CVE-2019-10777 was published for aws-lambda (npm) Feb 14, 2020
discord-html not escaping HTML code blocks when lacking a language identifier High
GHSA-9r27-994c-4xch was published for discord-markdown (npm) Feb 24, 2020
Prototype Pollution in Dojox Low
CVE-2020-5259 was published for dojox (npm) Mar 10, 2020
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Downloads Resources over HTTP in rs-brightcove High
CVE-2016-10676 was published for rs-brightcove (npm) Feb 18, 2019
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode Moderate
CVE-2019-10785 was published for dojox (npm) Feb 13, 2020
JLLeitschuh
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
XSS in TinyMCE Moderate
CVE-2019-1010091 was published for tinymce (npm) May 11, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
Holder can generate proof of ownership for credentials it does not control in vp-toolkit High
GHSA-ff5x-w9wg-h275 was published for vp-toolkit (npm) Mar 6, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
DoS via malicious record IDs in WatermelonDB Moderate
CVE-2020-4035 was published for @nozbe/watermelondb (npm) Jun 3, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database