Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,139 advisories

Loading
Cross-Site Scripting in dojo Moderate
CVE-2015-5654 was published for dojo (npm) Sep 11, 2020
Cross-site Scripting in yapi-vendor Moderate
CVE-2018-17574 was published for yapi-vendor (npm) Nov 21, 2018
Ghost vulnerable to remote code execution in locale setting change Moderate
GHSA-7v28-g2pq-ggg8 was published for ghost (npm) Jun 17, 2022
devx00
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Renovate vulnerable to Azure DevOps token leakage in logs Moderate
GHSA-36rh-ggpr-j3gj was published for renovate (npm) Sep 14, 2020
ylemkimon
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Batched HTTP requests may set incorrect `cache-control` response header Moderate
GHSA-8r69-3cvp-wxc3 was published for @apollo/server (npm) Nov 2, 2022
Cryptographically Weak PRNG in generate-password Moderate
GHSA-6qqf-vvcr-7qrv was published for generate-password (npm) May 23, 2019
Cross-Site Scripting in simditor Moderate
CVE-2018-19048 was published for simditor (npm) May 14, 2019
Withdrawn Moderate
GHSA-chgg-rrmv-5q7x was published for jwt-simple (npm) Aug 3, 2020 withdrawn
Cross-Site Scripting in bootbox Moderate
GHSA-87mg-h5r3-hw88 was published for bootbox (npm) May 30, 2019
Reflected Cross-Site Scripting in jquery.terminal Moderate
GHSA-2hwp-g4g7-mwwj was published for jquery.terminal (npm) May 29, 2019
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Cross-Site Scripting in shave Moderate
CVE-2019-12313 was published for shave (npm) May 29, 2019
XSS Moderate
GHSA-qfmr-6qvh-49gm was published for knockout (npm) Feb 25, 2021 withdrawn
Command Injection in dns-sync Moderate
GHSA-c6h2-mpc6-232h was published for dns-sync (npm) Aug 27, 2020 withdrawn
Authentication Weakness in keystone Moderate
GHSA-9xgp-hfw7-73rq was published for keystone (npm) Aug 19, 2020 withdrawn
Out-of-bounds Read in concat-with-sourcemaps Moderate
GHSA-2xv3-h762-ccxv was published for concat-with-sourcemaps (npm) May 29, 2019
Incorrect Authorization Moderate
GHSA-5hx7-77g4-wqx3 was published for aedes (npm) Feb 23, 2021 withdrawn
Regular Expression Denial of Service Moderate
GHSA-7m7q-q53v-j47v was published for marked (npm) Feb 25, 2021 withdrawn
Denial of Service in canvas Moderate
GHSA-vpq5-4rc8-c222 was published for canvas (npm) Jun 5, 2019
Missing Origin Validation in parcel-bundler Moderate
GHSA-5j4m-89xf-mf5p was published for parcel-bundler (npm) Aug 27, 2020 withdrawn
Regular Expression Denial of Service Moderate
GHSA-6394-6h9h-cfjg was published for nwmatcher (npm) Jun 7, 2019
Path Traversal in servey Moderate
GHSA-rv49-54qp-fw42 was published for servey (npm) Jun 6, 2019
ProTip! Advisories are also available from the GraphQL API