GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,980
Maven
5,000+
npm
3,698
NuGet
656
pip
3,317
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Moderate
CVE-2020-11021
was published
for
@actions/http-client
(npm)
Apr 29, 2020
botframework-connector vulnerable to Improper Authentication
Moderate
CVE-2021-1725
was published
for
botframework-connector
(npm)
Mar 8, 2021
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
Credential leak in react-native-fast-image
Moderate
CVE-2020-7696
was published
for
react-native-fast-image
(npm)
May 18, 2021
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate
CVE-2021-40823
was published
for
matrix-js-sdk
(npm)
Sep 14, 2021
Unauthorized access to data in @sap-cloud-sdk/core
Moderate
CVE-2021-41251
was published
for
@sap-cloud-sdk/core
(npm)
Nov 10, 2021
Potential exposure of tokens to an Unauthorized Actor
Moderate
CVE-2022-21671
was published
for
@replit/crosis
(npm)
Jan 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate
CVE-2021-23566
was published
for
nanoid
(npm)
Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate
CVE-2022-0536
was published
for
follow-redirects
(npm)
Feb 10, 2022
Exposure of home directory through shescape on Unix with Bash
Moderate
CVE-2022-24725
was published
for
shescape
(npm)
Mar 3, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
Converse.js Exposure of Sensitive Information
Moderate
CVE-2018-6591
was published
for
converse.js
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API