GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,655 advisories
Filter by severity
Arbitrary File Write in adm-zip
Moderate
CVE-2018-1002204
was published
for
adm-zip
(npm)
Jul 27, 2018
Arbitrary File Write via Archive Extraction in unzipper
Moderate
CVE-2018-1002203
was published
for
unzipper
(npm)
Jul 27, 2018
Path Traversal in superstatic
High
GHSA-wm77-q74p-5763
was published
for
superstatic
(npm)
Jul 27, 2018
Macro in MathJax running untrusted Javascript within a web browser
Moderate
CVE-2018-1999024
was published
for
mathjax
(npm)
Jul 27, 2018
bracket-template vulnerable to reflected XSS
Moderate
CVE-2018-3735
was published
for
bracket-template
(npm)
Jul 27, 2018
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
Remote Code Execution in markdown-pdf
Moderate
CVE-2018-3770
was published
for
markdown-pdf
(npm)
Jul 27, 2018
High severity vulnerability that affects jquery-ui
High
GHSA-g8q2-24jh-5hpc
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 27, 2018
•
withdrawn
Downloads Resources over HTTP in mystem-fix
High
CVE-2016-10698
was published
for
mystem-fix
(npm)
Jul 27, 2018
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Path Traversal in general-file-server
High
CVE-2018-3724
was published
for
general-file-server
(npm)
Jul 26, 2018
Prototype Pollution in defaults-deep
High
CVE-2018-3723
was published
for
defaults-deep
(npm)
Jul 26, 2018
Prototype Pollution in merge-deep
High
CVE-2018-3722
was published
for
merge-deep
(npm)
Jul 26, 2018
Prototype Pollution in assign-deep
High
CVE-2018-3720
was published
for
assign-deep
(npm)
Jul 26, 2018
Prototype Pollution in mixin-deep
High
CVE-2018-3719
was published
for
mixin-deep
(npm)
Jul 26, 2018
Stored Cross-Site Scripting in simplehttpserver
Moderate
CVE-2018-3716
was published
for
simplehttpserver
(npm)
Jul 26, 2018
ProTip!
Advisories are also available from the
GraphQL API