GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
auth0-js Privilege Escalation Vulnerability
High
CVE-2017-17068
was published
for
auth0-js
(npm)
Dec 21, 2017
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Moderate
CVE-2020-11021
was published
for
@actions/http-client
(npm)
Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
ProTip!
Advisories are also available from the
GraphQL API