GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
967 advisories
Filter by severity
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Deserialization Code Execution in js-yaml
Critical
CVE-2013-4660
was published
for
js-yaml
(npm)
Oct 24, 2017
keycloak-connect and keycloak-js improperly handle invalid tokens
Critical
CVE-2017-7474
was published
for
keycloak-connect
(npm)
Nov 15, 2017
Potential Command Injection in printer
Critical
CVE-2014-3741
was published
for
printer
(npm)
Nov 28, 2017
ejs is vulnerable to remote code execution due to weak input validation
Critical
CVE-2017-1000228
was published
for
ejs
(npm)
Nov 30, 2017
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001003
was published
for
mathjs
(npm)
Dec 18, 2017
Arbitrary Code Injection in reduce-css-calc
Critical
CVE-2016-10548
was published
for
reduce-css-calc
(npm)
Jun 7, 2018
Growl before 1.10.0 vulnerable to Command Injection
Critical
CVE-2017-16042
was published
for
growl
(npm)
Jun 8, 2018
Malicious Package in eslint-scope
Critical
GHSA-hxxf-q3w9-4xgw
was published
for
eslint-config-eslint
(npm)
Jul 12, 2018
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Code Execution through IIFE in node-serialize
Critical
CVE-2017-5941
was published
for
node-serialize
(npm)
Jul 18, 2018
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
Chromium Remote Code Execution in electron
Critical
CVE-2017-16151
was published
for
electron
(npm)
Jul 24, 2018
Arbitrary Code Injection in pouchdb
Critical
CVE-2016-10546
was published
for
pouchdb
(npm)
Jul 26, 2018
Critical severity vulnerability that affects dns-sync
Critical
GHSA-wxvm-fh75-mpgr
was published
for
dns-sync
(npm)
Jul 26, 2018
•
withdrawn
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
ProTip!
Advisories are also available from the
GraphQL API