GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,145 advisories
Filter by severity
Arbitrary File Write in bin-links
Low
GHSA-gqf6-75v8-vr26
was published
for
bin-links
(npm)
Sep 4, 2020
Regular Expression Denial of Service in markdown
Low
GHSA-wx77-rp39-c6vg
was published
for
markdown
(npm)
Sep 4, 2020
Denial of Service in express-fileupload
Low
GHSA-q3w9-g74q-vp5f
was published
for
express-fileupload
(npm)
Sep 3, 2020
Denial of Service in apostrophe
Low
GHSA-pv6r-vchh-cxg9
was published
for
apostrophe
(npm)
Sep 3, 2020
Authorization Bypass in graphql-shield
Low
GHSA-hx78-272p-mqqh
was published
for
graphql-shield
(npm)
Sep 3, 2020
Denial of Service in grpc-ts-health-check
Low
GHSA-m86m-5m44-pc93
was published
for
grpc-ts-health-check
(npm)
Sep 3, 2020
Regular Expression Denial of Service in marked
Low
GHSA-ch52-vgq2-943f
was published
for
marked
(npm)
Sep 3, 2020
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
Cross-Site Scripting in express-cart
Low
GHSA-9pr3-7449-977r
was published
for
express-cart
(npm)
Sep 2, 2020
Command Injection in ascii-art
Low
GHSA-9hqj-38j2-5jgm
was published
for
ascii-art
(npm)
Sep 1, 2020
Prototype Pollution in merge-objects
Low
GHSA-992f-wf4w-x36v
was published
for
merge-objects
(npm)
Sep 1, 2020
Reflected Cross-Site Scripting in redis-commander
Low
GHSA-8c8c-4vfj-rrpc
was published
for
redis-commander
(npm)
Sep 1, 2020
Silently Runs Cryptocoin Miner in hooka-tools
Low
GHSA-m36m-x4c5-rjxj
was published
for
hooka-tools
(npm)
Sep 1, 2020
methodOverride Middleware Reflected Cross-Site Scripting in connect
Low
CVE-2013-7370
was published
for
connect
(npm)
Aug 31, 2020
Cross Site Scripting and RCE in baserCMS
Low
CVE-2020-15159
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Low
CVE-2020-15155
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
Cross Site Scripting in baserCMS
Low
CVE-2020-15154
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Path Traversal in openapi-python-client
Low
CVE-2020-15141
was published
for
openapi-python-client
(pip)
Aug 20, 2020
Regular Expression Denial of Service in is-my-json-valid
Low
GHSA-4x7c-cx64-49w8
was published
for
is-my-json-valid
(npm)
Aug 19, 2020
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API