GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
Deserialization Code Execution in js-yaml
Critical
CVE-2013-4660
was published
for
js-yaml
(npm)
Oct 24, 2017
ejs is vulnerable to remote code execution due to weak input validation
Critical
CVE-2017-1000228
was published
for
ejs
(npm)
Nov 30, 2017
Prototype Pollution in merge-recursive
Critical
CVE-2018-3751
was published
for
merge-recursive
(npm)
Sep 18, 2018
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Prototype Pollution in merge-options
Critical
CVE-2018-3752
was published
for
merge-options
(npm)
Oct 9, 2018
Verification Bypass in jsonwebtoken
Critical
CVE-2015-9235
was published
for
jsonwebtoken
(npm)
Oct 9, 2018
Prototype Pollution in deep-extend
Critical
CVE-2018-3750
was published
for
deep-extend
(npm)
Oct 9, 2018
Forgeable Public/Private Tokens in jwt-simple
Critical
CVE-2016-10555
was published
for
jwt-simple
(npm)
Nov 6, 2018
Arbitrary Code Execution in eslint-utils
Critical
CVE-2019-15657
was published
for
eslint-utils
(npm)
Aug 26, 2019
Improper Input Validation in Automattic Mongoose
Critical
CVE-2019-17426
was published
for
mongoose
(npm)
Oct 22, 2019
Validation Bypass in slp-validate
Critical
CVE-2019-16761
was published
for
slp-validate
(npm)
Nov 15, 2019
Critical severity vulnerability that affects slpjs
Critical
CVE-2019-16762
was published
for
slpjs
(npm)
Nov 15, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical
CVE-2019-10769
was published
for
safer-eval
(npm)
Dec 11, 2019
Command Injection in npm-programmatic
Critical
CVE-2020-7614
was published
for
npm-programmatic
(npm)
Apr 23, 2020
Improper Input Validation in network-manager
Critical
CVE-2019-10786
was published
for
network-manager
(npm)
Apr 13, 2021
Remote code execution in mongo-express
Critical
CVE-2020-24391
was published
for
mongodb-query-parser
(npm)
Apr 13, 2021
Improper parsing of octal bytes in netmask
Critical
CVE-2021-28918
was published
for
netmask
(npm)
Apr 14, 2021
Remote Code Execution in npm-groovy-lint
Critical
GHSA-qc22-qwm9-j8rx
was published
for
npm-groovy-lint
(npm)
Dec 20, 2021
Nuclide Improper Input Validation
Critical
CVE-2018-6333
was published
for
nuclide
(npm)
May 13, 2022
Etherpad Lite Access Restriction Bypass
Critical
CVE-2018-6835
was published
for
ep_etherpad-lite
(npm)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API