GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
Improper Certificate Validation in node-sass
Moderate
CVE-2020-24025
was published
for
node-sass
(npm)
Feb 9, 2022
Remote command injection when using sendmail email transport
Moderate
GHSA-wfrj-qqc2-83cm
was published
for
ghost
(npm)
Sep 20, 2021
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
Cross-Site Scripting in swagger-ui
Moderate
GHSA-4f9m-pxwh-68hg
was published
for
swagger-ui
(npm)
Sep 11, 2020
Cross-Site Scripting in diagram-js
Moderate
GHSA-8fw4-xh83-3j6q
was published
for
diagram-js
(npm)
Sep 11, 2020
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
Insecure Cryptography Algorithm in simple-crypto-js
Moderate
GHSA-5v7r-jg9r-vq44
was published
for
simple-crypto-js
(npm)
Sep 3, 2020
Regular Expression Denial of Service in simple-markdown
Moderate
GHSA-4xf9-pgvv-xx67
was published
for
simple-markdown
(npm)
Sep 3, 2020
Out-of-bounds Read in base64url
Moderate
GHSA-rvg8-pwq2-xj7q
was published
for
base64url
(npm)
Sep 1, 2020
Rosetta-Flash JSONP Vulnerability in hapi
Moderate
CVE-2014-4671
was published
for
hapi
(npm)
Aug 31, 2020
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2020-12648
was published
for
tinymce
(npm)
Aug 11, 2020
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Moderate
CVE-2019-15479
was published
for
status-board
(npm)
Sep 23, 2019
Cross-Site Scripting in webtorrent
Moderate
CVE-2019-15782
was published
for
webtorrent
(npm)
Sep 4, 2019
Cross-Site Scripting in webpack-bundle-analyzer
Moderate
GHSA-pgr8-jg6h-8gw6
was published
for
webpack-bundle-analyzer
(npm)
May 23, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
ProTip!
Advisories are also available from the
GraphQL API