GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
256,269 advisories
Filter by severity
SQL Injection in waterline-sequel
High
GHSA-mpcx-8qqw-rmcq
was published
for
waterline-sequel
(npm)
Aug 19, 2020
•
withdrawn
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-Site Scripting
Moderate
GHSA-57h7-r3q3-w57j
was published
for
djangorestframework
(pip)
Feb 24, 2021
•
withdrawn
Path Traversal in angular-http-server
High
GHSA-vmhw-fhj6-m3g5
was published
for
angular-http-server
(npm)
May 31, 2019
Directory Traversal
High
GHSA-26hg-crh6-mjrw
was published
for
list-n-stream
(npm)
Feb 23, 2021
•
withdrawn
XML external entity (XXE) vulnerability
High
GHSA-c8m9-mh38-97p9
was published
for
org.jpmml:pmml-model
(Maven)
Feb 24, 2021
•
withdrawn
Server-Side Request Forgery in terriajs-server
High
GHSA-p72p-rjr2-r439
was published
for
terriajs-server
(npm)
May 29, 2019
Insecure Credential Storage in web3
Low
GHSA-27v7-qhfv-rqq8
was published
for
web3
(npm)
May 30, 2019
Elliptic Curve Key Disclosure
High
GHSA-h6wq-jw7q-grxv
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Feb 24, 2021
•
withdrawn
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
rocksdb vulnerable to out-of-bounds read
Moderate
GHSA-xpp3-xrff-w6rh
was published
for
rocksdb
(Rust)
Aug 12, 2022
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Cross-Site Scripting in react-svg
High
GHSA-8xqr-4cpm-wx7g
was published
for
react-svg
(npm)
May 31, 2019
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Open Redirect in hekto
Low
GHSA-c5j4-vw9m-xc95
was published
for
hekto
(npm)
Aug 27, 2020
•
withdrawn
Command Injection in dns-sync
Moderate
GHSA-c6h2-mpc6-232h
was published
for
dns-sync
(npm)
Aug 27, 2020
•
withdrawn
Authentication Weakness in keystone
Moderate
GHSA-9xgp-hfw7-73rq
was published
for
keystone
(npm)
Aug 19, 2020
•
withdrawn
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
ProTip!
Advisories are also available from the
GraphQL API