GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,134 advisories
Filter by severity
personnummer/ruby vulnerable to Improper Input Validation
Low
GHSA-vp9c-fpxx-744v
was published
for
personnummer
(RubyGems)
Sep 23, 2020
Incorrect Calculation in bigint-money
Low
GHSA-9r3m-mhfm-39cm
was published
for
bigint-money
(npm)
Sep 11, 2020
Users with SCRIPT right can execute arbitrary code in XWiki
Low
CVE-2020-15171
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 10, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
personnummer/python vulnerable to Improper Input Validation
Low
GHSA-rxq3-5249-8hgg
was published
for
personnummer
(pip)
Sep 9, 2020
personnummer/csharp vulnerable to Improper Input Validation
Low
GHSA-qv8q-v995-72gr
was published
for
personnummer
(NuGet)
Sep 9, 2020
personnummer/php vulnerable to Improper Input Validation
Low
GHSA-2p6g-gjp8-ggg9
was published
for
personnummer/personnummer
(Composer)
Sep 9, 2020
personnummer/js vulnerable to Improper Input Validation
Low
GHSA-vpgc-7h78-gx8f
was published
for
personnummer
(npm)
Sep 4, 2020
Prototype Pollution in @hapi/hoek
Low
GHSA-22h7-7wwg-qmgg
was published
for
@hapi/hoek
(npm)
Sep 4, 2020
Information Exposure in type-graphql
Low
GHSA-xf64-2f9p-6pqq
was published
for
type-graphql
(npm)
Sep 4, 2020
Global node_modules Binary Overwrite in bin-links
Low
GHSA-v45m-2wcp-gg98
was published
for
bin-links
(npm)
Sep 4, 2020
Symlink reference outside of node_modules in bin-links
Low
GHSA-2mj8-pj3j-h362
was published
for
bin-links
(npm)
Sep 4, 2020
Arbitrary File Write in bin-links
Low
GHSA-gqf6-75v8-vr26
was published
for
bin-links
(npm)
Sep 4, 2020
Regular Expression Denial of Service in markdown
Low
GHSA-wx77-rp39-c6vg
was published
for
markdown
(npm)
Sep 4, 2020
Denial of Service in express-fileupload
Low
GHSA-q3w9-g74q-vp5f
was published
for
express-fileupload
(npm)
Sep 3, 2020
Denial of Service in apostrophe
Low
GHSA-pv6r-vchh-cxg9
was published
for
apostrophe
(npm)
Sep 3, 2020
Authorization Bypass in graphql-shield
Low
GHSA-hx78-272p-mqqh
was published
for
graphql-shield
(npm)
Sep 3, 2020
Denial of Service in grpc-ts-health-check
Low
GHSA-m86m-5m44-pc93
was published
for
grpc-ts-health-check
(npm)
Sep 3, 2020
Regular Expression Denial of Service in marked
Low
GHSA-ch52-vgq2-943f
was published
for
marked
(npm)
Sep 3, 2020
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
Cross-Site Scripting in express-cart
Low
GHSA-9pr3-7449-977r
was published
for
express-cart
(npm)
Sep 2, 2020
Command Injection in ascii-art
Low
GHSA-9hqj-38j2-5jgm
was published
for
ascii-art
(npm)
Sep 1, 2020
Prototype Pollution in merge-objects
Low
GHSA-992f-wf4w-x36v
was published
for
merge-objects
(npm)
Sep 1, 2020
ProTip!
Advisories are also available from the
GraphQL API