GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,086 advisories
Filter by severity
Bypassing Sanitization using DOM clobbering in html-janitor
Moderate
CVE-2017-0928
was published
for
html-janitor
(npm)
Jul 24, 2018
Regular Expression Denial Of Service in uri-js
Moderate
CVE-2017-16021
was published
for
uri-js
(npm)
Jul 24, 2018
Cross-Site Scripting in i18next
Moderate
CVE-2017-16010
was published
for
i18next
(npm)
Jul 24, 2018
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server
Moderate
CVE-2018-3726
was published
for
crud-file-server
(npm)
Jul 18, 2018
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Incorrect handling of CORS preflight request headers in hapi
Moderate
CVE-2015-9236
was published
for
hapi
(npm)
Jun 7, 2018
Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate
CVE-2018-11093
was published
for
@ckeditor/ckeditor5-link
(npm)
May 23, 2018
Cross-Site Scripting in @risingstack/protect
Moderate
CVE-2018-1000160
was published
for
@risingstack/protect
(npm)
Apr 25, 2018
Regular Expression Denial of Service in ssri
Moderate
CVE-2018-7651
was published
for
ssri
(npm)
Mar 7, 2018
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Moderate
CVE-2018-1000023
was published
for
insight-api
(npm)
Mar 5, 2018
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Marked vulnerable to XSS from data URIs
Moderate
CVE-2017-1000427
was published
for
marked
(npm)
Jan 4, 2018
Moderate severity vulnerability that affects marked
Moderate
CVE-2017-17461
was published
for
marked
(npm)
Jan 4, 2018
•
withdrawn
Cross-Site Scripting in keystone
Moderate
CVE-2017-15881
was published
for
keystone
(npm)
Nov 16, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects ember
Moderate
GHSA-vxp4-25qp-86qh
was published
for
ember
(npm)
Oct 24, 2017
•
withdrawn
Moderate severity vulnerability that affects handlebars
Moderate
GHSA-fmr4-7g9q-7hc7
was published
for
handlebars
(npm)
Oct 24, 2017
•
withdrawn
Moderate severity vulnerability that affects validator
Moderate
GHSA-9959-c6q6-6qp3
was published
for
validator
(npm)
Oct 24, 2017
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API