Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Root Path Disclosure in send Moderate
CVE-2015-8859 was published for send (npm) Oct 24, 2017
tdunlap607
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Invalid Curve Attack in node-jose Moderate
CVE-2017-16007 was published for node-jose (npm) Jul 20, 2018
tdunlap607
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
npm Token Leak in npm High
CVE-2016-3956 was published for npm (npm) Jul 31, 2018
cofee-script is malware High
CVE-2017-16206 was published for cofee-script (npm) Aug 6, 2018
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Http request which redirect to another hostname do not strip authorization header in @actions/http-client Moderate
CVE-2020-11021 was published for @actions/http-client (npm) Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Tracking Module in botbait Moderate
CVE-2017-16126 was published for botbait (npm) Sep 1, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Sensitive Data Exposure in loopback Low
GHSA-724c-6vrf-99rq was published for loopback (npm) Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API