GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
961 advisories
Filter by severity
Heap Based Buffer Overflow in libyaml
Critical
CVE-2013-6393
was published
for
libyaml
(npm)
Aug 31, 2020
Potential Command Injection in libnotify
Critical
CVE-2013-7381
was published
for
libnotify
(npm)
Aug 31, 2020
Potential Command Injection in hubot-scripts
Critical
CVE-2013-7378
was published
for
hubot-scripts
(npm)
Aug 31, 2020
Server secret was included in static assets and served to clients
Critical
GHSA-r587-7jh2-4qr3
was published
for
flood
(npm)
Aug 26, 2020
Sandbox Breakout / Arbitrary Code Execution in safe-eval
Critical
CVE-2020-7710
was published
for
safe-eval
(npm)
Aug 25, 2020
Server-Side Request Forgery in ftp-srv
Critical
CVE-2020-15152
was published
for
ftp-srv
(npm)
Aug 17, 2020
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
False-positive validity for NFT1 genesis transactions
Critical
CVE-2020-15131
was published
for
slp-validate
(npm)
Jul 30, 2020
False-positive validity for NFT1 genesis transactions in SLPJS
Critical
CVE-2020-15130
was published
for
slpjs
(npm)
Jul 30, 2020
Remote Code Execution in scratch-vm
Critical
CVE-2020-14000
was published
for
scratch-vm
(npm)
Jul 27, 2020
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
Critical
CVE-2020-14967
was published
for
jsrsasign
(npm)
Jun 26, 2020
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Critical
CVE-2020-14968
was published
for
jsrsasign
(npm)
Jun 26, 2020
Prototype Pollution in ini-parser
Critical
CVE-2020-7617
was published
for
ini-parser
(npm)
Jun 10, 2020
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
Arbitrary shell command execution in logkitty
Critical
CVE-2020-8149
was published
for
logkitty
(npm)
Jun 5, 2020
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
curlrequest allows execution of arbitrary commands
Critical
CVE-2020-7646
was published
for
curlrequest
(npm)
May 13, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11072
was published
for
slp-validate
(npm)
May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical
CVE-2020-11071
was published
for
slpjs
(npm)
May 12, 2020
Command Injection in hot-formula-parser
Critical
CVE-2020-6836
was published
for
hot-formula-parser
(npm)
May 6, 2020
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
OS Command Injection in devcert-sanscache
Critical
CVE-2019-10778
was published
for
devcert-sanscache
(npm)
Apr 14, 2020
OS command injection in aws-lambda
Critical
CVE-2019-10777
was published
for
aws-lambda
(npm)
Feb 14, 2020
ProTip!
Advisories are also available from the
GraphQL API