GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
Cross-Site Scripting in diagram-js
Moderate
GHSA-8fw4-xh83-3j6q
was published
for
diagram-js
(npm)
Sep 11, 2020
Regular Expression Denial of Service in simple-markdown
Moderate
GHSA-4xf9-pgvv-xx67
was published
for
simple-markdown
(npm)
Sep 3, 2020
Cross-site scripting in TileServer GL
Moderate
CVE-2020-15500
was published
for
tileserver-gl
(npm)
May 17, 2021
Cross-Site Scripting in @hapi/boom
Moderate
GHSA-2ggq-vfcp-gwhj
was published
for
@hapi/boom
(npm)
Sep 4, 2020
Cross-Site Scripting in swagger-ui
Moderate
GHSA-4f9m-pxwh-68hg
was published
for
swagger-ui
(npm)
Sep 11, 2020
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
Invalid Curve Attack in node-jose
Moderate
CVE-2017-16007
was published
for
node-jose
(npm)
Jul 20, 2018
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2020-12648
was published
for
tinymce
(npm)
Aug 11, 2020
Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate
CVE-2018-11093
was published
for
@ckeditor/ckeditor5-link
(npm)
May 23, 2018
Improper Certificate Validation in node-sass
Moderate
CVE-2020-24025
was published
for
node-sass
(npm)
Feb 9, 2022
Remote command injection when using sendmail email transport
Moderate
GHSA-wfrj-qqc2-83cm
was published
for
ghost
(npm)
Sep 20, 2021
Out-of-bounds Read in base64url
Moderate
GHSA-rvg8-pwq2-xj7q
was published
for
base64url
(npm)
Sep 1, 2020
Improper Input Validation in sanitize-html
Moderate
CVE-2021-26539
was published
for
sanitize-html
(npm)
May 6, 2021
Insecure Cryptography Algorithm in simple-crypto-js
Moderate
GHSA-5v7r-jg9r-vq44
was published
for
simple-crypto-js
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API