GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem):
  All reviewed: 5,000+
  Composer: 4,266
  Erlang: 31
  GitHub Actions: 21
  Go: 2,041
  Maven: 5,000+
  npm: 3,733
  NuGet: 662
  pip: 3,414
  Pub: 12
  RubyGems: 891
  Rust: 866
  Swift: 36

Unreviewed advisories:
  All unreviewed: 5,000+
160 advisories
Vendure Cross Site Request Forgery vulnerability impacting all API requests
  Low severity, GHSA-h9wq-xcqx-mqxm, published for @vendure/core (npm) on Jul 11, 2023

sweetalert2 v11.6.14 and above contains potentially undesirable behavior
  Low severity, GHSA-mrr8-v49w-3333, published for sweetalert2 (npm) on Jul 10, 2023

Stylelint has vulnerability in semver dependency
  Low severity, GHSA-f7xj-rg7h-mc87, published for stylelint (npm) on Jul 7, 2023 (withdrawn)

Shescape potential environment variable exposure on Windows with CMD
  Low severity, CVE-2023-35931, published for shescape (npm) on Jun 22, 2023

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
  Low severity, GHSA-68jh-rf6x-836f, published for @apollo/server (npm) on Jun 16, 2023

fast-xml-parser regex vulnerability patch could be improved from a safety perspective
  Low severity, GHSA-gpv5-7x3g-ghjv, published for fast-xml-parser (npm) on Jun 15, 2023

@keystone-6/core's bundled cuid package known to be insecure
  Low severity, GHSA-5fp6-4xw3-xqq3, published for @keystone-6/core (npm) on Jun 12, 2023

Possible prototype pollution in metadata record, when using meta decorator
  Low severity, CVE-2023-30857, published for @aedart/support (npm) on May 1, 2023

eslint-detailed-reporter vulnerable to cross-site scripting
  Low severity, CVE-2022-4942, published for eslint-detailed-reporter (npm) on Apr 20, 2023

Imperative CLI vulnerable to Command Injection
  Low severity, CVE-2021-4326, published for @zowe/imperative (npm) on Mar 1, 2023

sweetalert2 v8.19.1 and above contains hidden functionality
  Low severity, GHSA-8jh9-wqpf-q52c, published for sweetalert2 (npm) on Nov 23, 2022

sweetalert2 v9.17.4 and above contains hidden functionality
  Low severity, GHSA-pg98-6v7f-2xfv, published for sweetalert2 (npm) on Nov 23, 2022

sweetalert2 v10.16.10 and above contains hidden functionality
  Low severity, GHSA-457r-cqc8-9vj9, published for sweetalert2 (npm) on Nov 23, 2022

sweetalert2 v11.4.9 and above contains hidden functionality
  Low severity, GHSA-qq6h-5g6j-q3cm, published for sweetalert2 (npm) on Nov 23, 2022

Hardening of TypedArrays with non-canonical numeric property names in SES
  Low severity, GHSA-whpx-q3rq-w8jc, published for ses (npm) on Oct 20, 2022

Incorrect default cookie name and recommendation
  Low severity, GHSA-jjmg-x456-w976, published for csrf-csrf (npm) on Oct 10, 2022

parse-server auth adapter app ID validation can be circumvented
  Low severity, CVE-2022-39231, published for parse-server (npm) on Sep 21, 2022

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
  Low severity, CVE-2022-36036, published for mdx-mermaid (npm) on Aug 31, 2022

Command Injection in moment-timezone
  Low severity, GHSA-56x4-j7p9-fcf9, published for moment-timezone (npm) on Aug 30, 2022

next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
  Low severity, CVE-2022-31186, published for next-auth (npm) on Aug 6, 2022

undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
  Low severity, CVE-2022-31151, published for undici (npm) on Jul 21, 2022

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
  Low severity, CVE-2022-29247, published for electron (npm) on Jun 16, 2022

Regular expression denial of service in markdown-link-extractor
  Low severity, CVE-2021-43308, published for markdown-link-extractor (npm) on Jun 3, 2022

Regular expression denial of service in semver-regex
  Low severity, CVE-2021-43307, published for semver-regex (npm) on Jun 3, 2022

Regular expression denial of service in jquery-validation
  Low severity, CVE-2021-43306, published for jquery-validation (npm) on Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API.