Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Packing does not respect root-level ignore files in workspaces High
CVE-2022-29244 was published for npm (npm) Jun 2, 2022
bnb
Hostname confusion in parse-url High
CVE-2022-0722 was published for parse-url (npm) Jun 28, 2022
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns High
CVE-2022-36079 was published for parse-server (npm) Sep 16, 2022
s00py
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
Private Field data leak High
CVE-2021-32624 was published for @keystonejs/keystone (npm) May 27, 2021
molomby dcousens
Basic-auth app bundle credential exposure in gatsby-source-wordpress High
CVE-2021-32770 was published for gatsby-source-wordpress (npm) Jul 19, 2021
LiveQuery publishes user session tokens in parse-server High
CVE-2021-41109 was published for parse-server (npm) Sep 30, 2021
dblythy
Exposure of Sensitive Information in simple-get High
CVE-2022-0355 was published for simple-get (npm) Jan 28, 2022
Cookie exposure in requestretry High
CVE-2022-0654 was published for requestretry (npm) Feb 24, 2022
Sensitive Information leak via Script File in TinaCMS High
CVE-2023-25164 was published for @tinacms/cli (npm) Feb 8, 2023
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
Protected fields exposed via LiveQuery High
CVE-2022-31112 was published for parse-server (npm) Jul 6, 2022
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database