GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate
CVE-2021-23566
was published
for
nanoid
(npm)
Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate
CVE-2022-31051
was published
for
semantic-release
(npm)
Jun 9, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31070
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate
CVE-2022-31069
was published
for
@finastra/nestjs-proxy
(npm)
Jun 17, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Moderate
CVE-2022-36077
was published
for
electron
(npm)
Nov 10, 2022
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Moderate
CVE-2020-11021
was published
for
@actions/http-client
(npm)
Apr 29, 2020
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Unauthorized access to data in @sap-cloud-sdk/core
Moderate
CVE-2021-41251
was published
for
@sap-cloud-sdk/core
(npm)
Nov 10, 2021
liquidjs may leak properties of a prototype
Moderate
CVE-2022-25948
was published
for
liquidjs
(npm)
Dec 22, 2022
Sequelize information disclosure vulnerability
Moderate
CVE-2023-22580
was published
for
@sequelize/core
(npm)
Feb 16, 2023
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Moderate
CVE-2023-26108
was published
for
@nestjs/core
(npm)
Mar 6, 2023
Directus vulnerable to extraction of password hashes through export querying
Moderate
CVE-2023-27481
was published
for
directus
(npm)
Mar 8, 2023
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
Exposure of home directory through shescape on Unix with Bash
Moderate
CVE-2022-24725
was published
for
shescape
(npm)
Mar 3, 2022
Leaking of user information on Cross-Domain communication in sysend
Moderate
CVE-2022-24762
was published
for
sysend
(npm)
Mar 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate
CVE-2022-0536
was published
for
follow-redirects
(npm)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API