Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs Moderate
CVE-2021-32822 was published for hbs (npm) Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in nanoid Moderate
CVE-2021-23566 was published for nanoid (npm) Jan 21, 2022
baptistecs
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release Moderate
CVE-2022-31051 was published for semantic-release (npm) Jun 9, 2022
dmosen
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31070 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31069 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
Exfiltration of hashed SMB credentials on Windows via file:// redirect Moderate
CVE-2022-36077 was published for electron (npm) Nov 10, 2022
coolcoolnoworries
Http request which redirect to another hostname do not strip authorization header in @actions/http-client Moderate
CVE-2020-11021 was published for @actions/http-client (npm) Apr 29, 2020
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Unauthorized access to data in @sap-cloud-sdk/core Moderate
CVE-2021-41251 was published for @sap-cloud-sdk/core (npm) Nov 10, 2021
johenning
liquidjs may leak properties of a prototype Moderate
CVE-2022-25948 was published for liquidjs (npm) Dec 22, 2022
Tracking Module in botbait Moderate
CVE-2017-16126 was published for botbait (npm) Sep 1, 2020
Sequelize information disclosure vulnerability Moderate
CVE-2023-22580 was published for @sequelize/core (npm) Feb 16, 2023
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe Moderate
CVE-2023-26108 was published for @nestjs/core (npm) Mar 6, 2023
Directus vulnerable to extraction of password hashes through export querying Moderate
CVE-2023-27481 was published for directus (npm) Mar 8, 2023
erik921 wgorecki
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Exposure of home directory through shescape on Unix with Bash Moderate
CVE-2022-24725 was published for shescape (npm) Mar 3, 2022
Leaking of user information on Cross-Domain communication in sysend Moderate
CVE-2022-24762 was published for sysend (npm) Mar 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects Moderate
CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API