Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

157 advisories

Loading
Shescape potential environment variable exposure on Windows with CMD Low
CVE-2023-35931 was published for shescape (npm) Jun 22, 2023
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces Low
GHSA-68jh-rf6x-836f was published for @apollo/server (npm) Jun 16, 2023
fast-xml-parser regex vulnerability patch could be improved from a safety perspective Low
GHSA-gpv5-7x3g-ghjv was published for fast-xml-parser (npm) Jun 15, 2023
juliangilbey
@keystone-6/core's bundled cuid package known to be insecure Low
GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) Jun 12, 2023
TomDo1234
Possible prototype pollution in metadata record, when using meta decorator Low
CVE-2023-30857 was published for @aedart/support (npm) May 1, 2023
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
Imperative CLI vulnerable to Command Injection Low
CVE-2021-4326 was published for @zowe/imperative (npm) Mar 1, 2023
MarkAckert
sweetalert2 v8.19.1 and above contains hidden functionality Low
GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality Low
GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality Low
GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte
Hardening of TypedArrays with non-canonical numeric property names in SES Low
GHSA-whpx-q3rq-w8jc was published for ses (npm) Oct 20, 2022
Incorrect default cookie name and recommendation Low
GHSA-jjmg-x456-w976 was published for csrf-csrf (npm) Oct 10, 2022
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid Low
CVE-2022-36036 was published for mdx-mermaid (npm) Aug 31, 2022
sjwall
Command Injection in moment-timezone Low
GHSA-56x4-j7p9-fcf9 was published for moment-timezone (npm) Aug 30, 2022
scovetta
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log Low
CVE-2022-31186 was published for next-auth (npm) Aug 6, 2022
ShuPink
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled Low
CVE-2022-29247 was published for electron (npm) Jun 16, 2022
TheGrandPew msrkp
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular expression denial of service in markdown-link-extractor Low
CVE-2021-43308 was published for markdown-link-extractor (npm) Jun 3, 2022
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jquery-validation (npm) Jun 3, 2022
klaudialax amita-seal
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom Low
CVE-2021-20066 was published for jsdom (npm) May 24, 2022 withdrawn
jhagege
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database