Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

101,354 advisories

Loading
Regular Expression Denial of Service in Acorn High
GHSA-6chw-6frg-f759 was published for acorn (npm) Apr 3, 2020
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
Downloads Resources over HTTP in rs-brightcove High
CVE-2016-10676 was published for rs-brightcove (npm) Feb 18, 2019
discord-html not escaping HTML code blocks when lacking a language identifier High
GHSA-9r27-994c-4xch was published for discord-markdown (npm) Feb 24, 2020
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
codecov NPM module allows remote attackers to execute arbitrary commands High
CVE-2020-7597 was published for codecov (npm) Feb 19, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Holder can generate proof of ownership for credentials it does not control in vp-toolkit High
GHSA-ff5x-w9wg-h275 was published for vp-toolkit (npm) Mar 6, 2020
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit High
GHSA-p94w-42g3-f7h4 was published for vp-toolkit (npm) Mar 6, 2020
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 thiagomayllart
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Deserialization of Untrusted Data in jackson-databind High
GHSA-wrr7-33fx-rcvj was published for com.fasterxml.jackson.core:jackson-databind (Maven) Jun 15, 2020 withdrawn
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Read permissions not enforced for client provided filter expressions in Elide. High
CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) Mar 30, 2020
Prototype Pollution Protection Bypass in qs High
CVE-2017-1000048 was published for qs (npm) Apr 30, 2020
Downloads Resources over HTTP in selenium-download High
CVE-2016-10559 was published for selenium-download (npm) Feb 18, 2019
Downloads Resources over HTTP in alto-saxophone High
CVE-2016-10694 was published for alto-saxophone (npm) Jul 31, 2018
ProTip! Advisories are also available from the GraphQL API