Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

600 advisories

Loading
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Cross-Site Scripting in webpack-bundle-analyzer Moderate
GHSA-pgr8-jg6h-8gw6 was published for webpack-bundle-analyzer (npm) May 23, 2019
tdunlap607
Cross-Site Scripting in simditor Moderate
CVE-2018-19048 was published for simditor (npm) May 14, 2019
Cross-site Scripting in NodeBB Moderate
CVE-2015-9286 was published for nodebb (npm) May 1, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in tooltip component Moderate
CVE-2019-11002 was published for @materializecss/materialize (npm) Apr 9, 2019
Materialize-css vulnerable to Cross-site Scripting in autocomplete component Moderate
CVE-2019-11003 was published for @materializecss/materialize (npm) Apr 9, 2019
erik-krogh
Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation Moderate
CVE-2019-11004 was published for @materializecss/materialize (npm) Apr 9, 2019
ajaymahadeven
Cross-Site Scripting in buttle High
CVE-2019-5422 was published for buttle (npm) Apr 8, 2019
Moderate severity vulnerability that affects total.js Moderate
CVE-2019-10260 was published for total.js (npm) Apr 2, 2019
Cross-Site Scripting in editor.md Moderate
CVE-2019-9737 was published for editor.md (npm) Mar 14, 2019
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Sanitization bypass using HTML Entities in marked Moderate
CVE-2016-10531 was published for marked (npm) Feb 18, 2019
Cross-Site Scripting in backbone Moderate
CVE-2016-10537 was published for backbone (npm) Feb 18, 2019
Cross-Site Scripting in m-server Moderate
CVE-2018-16484 was published for m-server (npm) Feb 7, 2019
Cross-Site Scripting in html-pages Moderate
CVE-2018-16481 was published for html-pages (npm) Feb 7, 2019
Tnantoka/public XSS Vulnerability Moderate
CVE-2018-16480 was published for public (npm) Feb 7, 2019
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
rendertron XSS vulnerability Moderate
CVE-2017-18352 was published for rendertron (npm) Jan 7, 2019
Cross-Site Scripting in react-dom Moderate
CVE-2018-6341 was published for react-dom (npm) Jan 4, 2019
SimpleMDE XSS Vulnerability Moderate
CVE-2018-19057 was published for simplemde (npm) Nov 21, 2018
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database