GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,456 advisories
Filter by severity
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
High
GHSA-3qmc-2r76-4rqp
was published
for
@redwoodjs/api
(npm)
Nov 10, 2022
Parse Server before v3.4.1 vulnerable to Denial of Service
High
CVE-2019-1020012
was published
for
parse-server
(npm)
Jun 13, 2019
Improper handling of multiline messages in node-irc
High
GHSA-52rh-5rpj-c3w6
was published
for
matrix-org-irc
(npm)
May 5, 2022
Directory Traversal
High
GHSA-26hg-crh6-mjrw
was published
for
list-n-stream
(npm)
Feb 23, 2021
•
withdrawn
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
Path Traversal in angular-http-server
High
GHSA-vmhw-fhj6-m3g5
was published
for
angular-http-server
(npm)
May 31, 2019
SQL Injection in waterline-sequel
High
GHSA-mpcx-8qqw-rmcq
was published
for
waterline-sequel
(npm)
Aug 19, 2020
•
withdrawn
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Cross-Site Scripting in react-svg
High
GHSA-8xqr-4cpm-wx7g
was published
for
react-svg
(npm)
May 31, 2019
Directory Traversal
High
GHSA-f6gj-7592-5jxm
was published
for
node-simple-router
(npm)
Feb 23, 2021
•
withdrawn
Cross-Site Scripting in bracket-template
High
GHSA-jj6g-7j8p-7gf2
was published
for
bracket-template
(npm)
May 30, 2019
Path Traversal in localhost-now
High
GHSA-73cw-jxmm-qpgh
was published
for
localhost-now
(npm)
Jun 11, 2019
Command Injection in macaddress
High
GHSA-q9r2-f3vc-rjg8
was published
for
macaddress
(npm)
Aug 19, 2020
•
withdrawn
Cross-Site Scripting in ids-enterprise
High
GHSA-49r3-3h96-rwj6
was published
for
ids-enterprise
(npm)
Jun 13, 2019
Cross-Site Scripting in ids-enterprise
High
GHSA-hpfq-8wx8-cgqw
was published
for
ids-enterprise
(npm)
Jun 13, 2019
NoSQL Injection in loopback-connector-mongodb
High
GHSA-m734-r4g6-34f9
was published
for
loopback-connector-mongodb
(npm)
Jun 4, 2019
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
ProTip!
Advisories are also available from the
GraphQL API