GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
auth0-js Privilege Escalation Vulnerability
High
CVE-2017-17068
was published
for
auth0-js
(npm)
Dec 21, 2017
Private Data Disclosure in express-restify-mongoose
High
CVE-2016-10533
was published
for
express-restify-mongoose
(npm)
Oct 23, 2018
Missing Origin Validation in parcel-bundler
High
CVE-2018-14731
was published
for
parcel-bundler
(npm)
Oct 30, 2018
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Unauthorized File Access in atompm
High
GHSA-v86x-f47q-f7f4
was published
for
atompm
(npm)
Sep 11, 2020
Arbitrary File Read in phantom-html-to-pdf
High
CVE-2020-7763
was published
for
phantom-html-to-pdf
(npm)
Nov 6, 2020
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Insecure template handling in Squirrelly
High
CVE-2021-32819
was published
for
squirrelly
(npm)
May 17, 2021
Potential memory exposure in dns-packet
High
CVE-2021-23386
was published
for
dns-packet
(npm)
May 24, 2021
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
LiveQuery publishes user session tokens in parse-server
High
CVE-2021-41109
was published
for
parse-server
(npm)
Sep 30, 2021
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Exposure of Sensitive Information in simple-get
High
CVE-2022-0355
was published
for
simple-get
(npm)
Jan 28, 2022
Insecure template handling in Express-handlebars
High
CVE-2021-32820
was published
for
express-handlebars
(npm)
Feb 10, 2022
Cookie exposure in requestretry
High
CVE-2022-0654
was published
for
requestretry
(npm)
Feb 24, 2022
Incorrect Authorization in @uppy/companion
High
CVE-2022-0528
was published
for
@uppy/companion
(npm)
Mar 4, 2022
ProTip!
Advisories are also available from the
GraphQL API