GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
73 advisories
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Regular Expression Denial of Service in tough-cookie
High
CVE-2017-15010
was published
for
tough-cookie
(npm)
Jul 24, 2018
Code Execution Through IIFE in serialize-to-js
Critical
CVE-2017-5954
was published
for
serialize-to-js
(npm)
Jul 18, 2018
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
Cross-Site Scripting in swagger-ui
High
CVE-2016-1000233
was published
for
swagger-ui
(npm)
Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Regular Expression Denial of Service in papaparse
High
GHSA-qvjc-g5vr-mfgr
was published
for
papaparse
(npm)
Sep 4, 2020
Command Injection in node-rules
High
GHSA-8whr-v3gm-w8h9
was published
for
node-rules
(npm)
Sep 3, 2020
Cross-Site Scripting in diagram-js
Moderate
GHSA-8fw4-xh83-3j6q
was published
for
diagram-js
(npm)
Sep 11, 2020
Regular Expression Denial of Service in simple-markdown
Moderate
GHSA-4xf9-pgvv-xx67
was published
for
simple-markdown
(npm)
Sep 3, 2020
Knex.js has a limited SQL injection vulnerability
High
CVE-2016-20018
was published
for
knex
(npm)
Dec 19, 2022
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
Cross-Site Scripting in swagger-ui
Moderate
GHSA-4f9m-pxwh-68hg
was published
for
swagger-ui
(npm)
Sep 11, 2020
Prototype Pollution in asciitable.js
Critical
CVE-2020-7771
was published
for
asciitable.js
(npm)
Apr 13, 2021
parse-server crashes when receiving file download request with invalid byte range
High
CVE-2022-39313
was published
for
parse-server
(npm)
Oct 18, 2022
Command Injection in egg-scripts
Critical
CVE-2018-3786
was published
for
egg-scripts
(npm)
Sep 17, 2018
ProTip!
Advisories are also available from the
GraphQL API