GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,094 advisories
Filter by severity
Downloads Resources over HTTP in arcanist
Moderate
CVE-2016-10683
was published
for
arcanist
(npm)
Feb 18, 2019
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
Insecure Defaults Allow MITM Over TLS in engine.io-client
Moderate
CVE-2016-10536
was published
for
engine.io-client
(npm)
Feb 18, 2019
Directory Traversal in restafary
Moderate
CVE-2016-10528
was published
for
restafary
(npm)
Feb 18, 2019
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file
Moderate
CVE-2016-10526
was published
for
grunt-gh-pages
(npm)
Feb 18, 2019
Cross-Site Scripting in m-server
Moderate
CVE-2018-16484
was published
for
m-server
(npm)
Feb 7, 2019
Cross-Site Scripting in html-pages
Moderate
CVE-2018-16481
was published
for
html-pages
(npm)
Feb 7, 2019
Tnantoka/public XSS Vulnerability
Moderate
CVE-2018-16480
was published
for
public
(npm)
Feb 7, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Cross-Site Scripting in react-dom
Moderate
CVE-2018-6341
was published
for
react-dom
(npm)
Jan 4, 2019
Path Traversal in simplehttpserver
Moderate
CVE-2018-16478
was published
for
simplehttpserver
(npm)
Dec 6, 2018
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Ckeditor XSS Vulnerability
Moderate
CVE-2018-17960
was published
for
ckeditor
(Composer)
Nov 21, 2018
Cross-Site Scripting in html-janitor
Moderate
CVE-2017-0931
was published
for
html-janitor
(npm)
Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Cross-Site Scripting in sanitize-html
Moderate
CVE-2017-16016
was published
for
sanitize-html
(npm)
Nov 9, 2018
ProTip!
Advisories are also available from the
GraphQL API