GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Unauthorized File Access in atompm
High
GHSA-v86x-f47q-f7f4
was published
for
atompm
(npm)
Sep 11, 2020
Packing does not respect root-level ignore files in workspaces
High
CVE-2022-29244
was published
for
npm
(npm)
Jun 2, 2022
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
High
CVE-2022-36079
was published
for
parse-server
(npm)
Sep 16, 2022
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
LiveQuery publishes user session tokens in parse-server
High
CVE-2021-41109
was published
for
parse-server
(npm)
Sep 30, 2021
Exposure of Sensitive Information in simple-get
High
CVE-2022-0355
was published
for
simple-get
(npm)
Jan 28, 2022
Cookie exposure in requestretry
High
CVE-2022-0654
was published
for
requestretry
(npm)
Feb 24, 2022
Sensitive Information leak via Script File in TinaCMS
High
CVE-2023-25164
was published
for
@tinacms/cli
(npm)
Feb 8, 2023
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Incorrect Authorization in @uppy/companion
High
CVE-2022-0528
was published
for
@uppy/companion
(npm)
Mar 4, 2022
NocoDB information disclosure vulnerability
High
CVE-2022-2062
was published
for
nocodb
(npm)
Jun 14, 2022
Protected fields exposed via LiveQuery
High
CVE-2022-31112
was published
for
parse-server
(npm)
Jul 6, 2022
Insecure template handling in Express-handlebars
High
CVE-2021-32820
was published
for
express-handlebars
(npm)
Feb 10, 2022
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Arbitrary File Read in phantom-html-to-pdf
High
CVE-2020-7763
was published
for
phantom-html-to-pdf
(npm)
Nov 6, 2020
ProTip!
Advisories are also available from the
GraphQL API