Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

158,251 advisories

Loading
Cross-Site Scripting in diagram-js-direct-editing Moderate
GHSA-j8r2-2x94-2q67 was published for diagram-js-direct-editing (npm) Sep 11, 2020
Command Injection in wizard-syncronizer Moderate
GHSA-wgw3-gf4p-62xc was published for wizard-syncronizer (npm) Sep 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL Moderate
CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Command injection in codecov (npm package) Moderate
CVE-2020-15123 was published for codecov (npm) Jul 20, 2020
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
CSRF Vulnerability in jquery-ujs Moderate
GHSA-6qqj-rx4w-r3cj was published for jquery-ujs (npm) Aug 31, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Cross-Site Scripting in yui Moderate
CVE-2013-4939 was published for yui (npm) Sep 1, 2020
HTML Injection in marky-markdown Moderate
GHSA-pxmp-fwjc-4x7q was published for marky-markdown (npm) Sep 3, 2020
XSS vulnerability when listing users on add & modify server pages. Moderate
GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
sergejostir Credited to sergejostir
Path Traversal in public Moderate
GHSA-4vvp-x9h2-x2vf was published for public (npm) Sep 3, 2020
Web Cache Poisoning in find-my-way Moderate
CVE-2020-7764 was published for find-my-way (npm) Nov 9, 2020
Prototype Pollution in mergify Moderate
GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
Local File Inclusion in domokeeper Moderate
GHSA-cr67-78jr-j94p was published for domokeeper (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-22q9-hqm5-mhmc was published for swagger-ui (npm) Sep 11, 2020
Unintended Require in larvitbase-www Moderate
GHSA-88h9-fc6v-jcw7 was published for larvitbase-www (npm) Sep 3, 2020
Prototype Pollution in systeminformation Moderate
CVE-2020-26245 was published for systeminformation (npm) Nov 27, 2020
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
ReDOS vulnerabities: multiple grammars Moderate
GHSA-7wwv-vh3v-89cq was published for @highlightjs/cdn-assets (npm) Dec 4, 2020
RunDevelopment Credited to RunDevelopment, erik-krogh, and kurt-r2c erik-krogh erik-krogh
kurt-r2c kurt-r2c
Denial of Service in ecstatic Moderate
CVE-2019-10775 was published for ecstatic (npm) Dec 15, 2020
Configuration Override in helmet-csp Moderate
GHSA-c3m8-x3cg-qm2c was published for helmet-csp (npm) Sep 3, 2020
Potential XSS in jQuery dependency in Mirador Moderate
GHSA-hgwm-pv9h-q5m7 was published for mirador (npm) Sep 18, 2020
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Reflected XSS with parameters in PostComment Moderate
CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020
my3ker Credited to my3ker
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database