GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,739 advisories
Filter by severity
Regular Expression Denial of Service in moment
Moderate
CVE-2016-4055
was published
for
moment
(npm)
Oct 24, 2017
Regular Expression Denial of Service in is-my-json-valid
High
CVE-2016-2537
was published
for
is-my-json-valid
(npm)
Oct 24, 2017
Cross Site Scripting (XSS) in plotly.js
Moderate
CVE-2017-1000006
was published
for
plotly.js
(npm)
Oct 24, 2017
High severity vulnerability that affects electron
High
CVE-2016-1202
was published
for
electron
(npm)
Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
VBScript Content Injection in marked
Moderate
CVE-2015-1370
was published
for
marked
(npm)
Oct 24, 2017
Multiple XSS Filter Bypasses in validator
Moderate
CVE-2013-7454
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7451
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7452
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7453
was published
for
validator
(npm)
Oct 24, 2017
Regular Expression Denial of Service in ms
High
CVE-2015-8315
was published
for
ms
(npm)
Oct 24, 2017
Regular Expression Denial of Service in marked
High
CVE-2015-8854
was published
for
marked
(npm)
Oct 24, 2017
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
Potential for Script Injection in syntax-error
High
CVE-2014-7192
was published
for
syntax-error
(npm)
Oct 24, 2017
Arbitrary JavaScript Execution in bassmaster
Critical
CVE-2014-7205
was published
for
bassmaster
(npm)
Oct 24, 2017
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects ember
Moderate
GHSA-vxp4-25qp-86qh
was published
for
ember
(npm)
Oct 24, 2017
•
withdrawn
Moderate severity vulnerability that affects validator
Moderate
GHSA-9959-c6q6-6qp3
was published
for
validator
(npm)
Oct 24, 2017
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API