GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Unauthorized File Access in atompm
High
GHSA-v86x-f47q-f7f4
was published
for
atompm
(npm)
Sep 11, 2020
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate
CVE-2021-23566
was published
for
nanoid
(npm)
Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate
CVE-2022-31051
was published
for
semantic-release
(npm)
Jun 9, 2022
Packing does not respect root-level ignore files in workspaces
High
CVE-2022-29244
was published
for
npm
(npm)
Jun 2, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31070
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31069
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
High
CVE-2022-36079
was published
for
parse-server
(npm)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API