GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
965 advisories
Filter by severity
Server secret was included in static assets and served to clients
Critical
GHSA-r587-7jh2-4qr3
was published
for
flood
(npm)
Aug 26, 2020
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Critical
GHSA-4vmm-mhcq-4x9j
was published
for
constantinople
(npm)
Jun 14, 2019
Privilege Escalation in express-cart
Critical
GHSA-3fc5-9x9m-vqc4
was published
for
express-cart
(npm)
Jun 3, 2019
Failure to sanitize quotes which can lead to sql injection in squel
Critical
GHSA-4qhx-g9wp-g9m6
was published
for
squel
(npm)
Jun 14, 2019
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11071
was published
for
slpjs
(npm)
May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11072
was published
for
slp-validate
(npm)
May 12, 2020
OS command injection in git-diff-apply
Critical
CVE-2019-10776
was published
for
git-diff-apply
(npm)
Feb 14, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
Validation Bypass in slp-validate
Critical
CVE-2019-16761
was published
for
slp-validate
(npm)
Nov 15, 2019
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
Sandbox Breakout in realms-shim
Critical
GHSA-7cg8-pq9v-x98q
was published
for
realms-shim
(npm)
Oct 21, 2019
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
Sandbox Breakout in realms-shim
Critical
GHSA-6jg8-7333-554w
was published
for
realms-shim
(npm)
Oct 4, 2019
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
ProTip!
Advisories are also available from the
GraphQL API