Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Sensitive Data Exposure in loopback Low
GHSA-724c-6vrf-99rq was published for loopback (npm) Sep 2, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs Moderate
CVE-2021-32822 was published for hbs (npm) Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in nanoid Moderate
CVE-2021-23566 was published for nanoid (npm) Jan 21, 2022
baptistecs
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release Moderate
CVE-2022-31051 was published for semantic-release (npm) Jun 9, 2022
dmosen
Packing does not respect root-level ignore files in workspaces High
CVE-2022-29244 was published for npm (npm) Jun 2, 2022
bnb
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31070 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
Hostname confusion in parse-url High
CVE-2022-0722 was published for parse-url (npm) Jun 28, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31069 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns High
CVE-2022-36079 was published for parse-server (npm) Sep 16, 2022
s00py
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database