GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,359
Erlang: 33
GitHub Actions: 22
Go: 2,124
Maven: 5,000+
npm: 3,787
NuGet: 683
pip: 3,467
Pub: 12
RubyGems: 894
Rust: 892
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
980 advisories
Prototype Pollution in express-fileupload
Critical: CVE-2020-7699 was published for express-fileupload (npm), Aug 5, 2020
False-positive validity for NFT1 genesis transactions
Critical: CVE-2020-15131 was published for slp-validate (npm), Jul 30, 2020
False-positive validity for NFT1 genesis transactions in SLPJS
Critical: CVE-2020-15130 was published for slpjs (npm), Jul 30, 2020
Remote Code Execution in scratch-vm
Critical: CVE-2020-14000 was published for scratch-vm (npm), Jul 27, 2020
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical: CVE-2019-16303 was published for generator-jhipster-kotlin (npm), Jun 26, 2020
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
Critical: CVE-2020-14967 was published for jsrsasign (npm), Jun 26, 2020
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Critical: CVE-2020-14968 was published for jsrsasign (npm), Jun 26, 2020
Prototype Pollution in ini-parser
Critical: CVE-2020-7617 was published for ini-parser (npm), Jun 10, 2020
Validation Bypass in schema-inspector
Critical: CVE-2019-10781 was published for schema-inspector (npm), Jun 10, 2020
Arbitrary shell command execution in logkitty
Critical: CVE-2020-8149 was published for logkitty (npm), Jun 5, 2020
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical: CVE-2020-11059 was published for aegir (npm), May 27, 2020
curlrequest allows execution of arbitrary commands
Critical: CVE-2020-7646 was published for curlrequest (npm), May 13, 2020
False-negative validation results in MINT transactions with invalid baton
Critical: CVE-2020-11072 was published for slp-validate (npm), May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical: CVE-2020-11071 was published for slpjs (npm), May 12, 2020
Command Injection in hot-formula-parser
Critical: CVE-2020-6836 was published for hot-formula-parser (npm), May 6, 2020
Command Injection in npm-programmatic
Critical: CVE-2020-7614 was published for npm-programmatic (npm), Apr 23, 2020
OS Command Injection in devcert-sanscache
Critical: CVE-2019-10778 was published for devcert-sanscache (npm), Apr 14, 2020
OS command injection in aws-lambda
Critical: CVE-2019-10777 was published for aws-lambda (npm), Feb 14, 2020
OS command injection in git-diff-apply
Critical: CVE-2019-10776 was published for git-diff-apply (npm), Feb 14, 2020
Remote Code Execution Vulnerability in NPM mongo-express
Critical: CVE-2019-10758 was published for mongo-express (npm), Dec 30, 2019
Prototype Pollution in handlebars
Critical: CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems), Dec 26, 2019
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Critical: CVE-2019-10769 was published for safer-eval (npm), Dec 11, 2019
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Critical: CVE-2019-18818 was published for strapi (npm), Dec 2, 2019
ProTip! Advisories are also available from the GraphQL API.