GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

395 advisories

http-cache-semantics vulnerable to Regular Expression Denial of Service (High)
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607

SvelteKit framework has Insufficient CSRF protection for CORS requests (High)
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann dominikg Conduitry

Regular Expression Denial of Service in uglify-js (High)
CVE-2015-8858 was published for uglify-js (npm) Oct 24, 2017

SvelteKit vulnerable to Cross-Site Request Forgery (High)
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann Conduitry eltigerchino dominikg

Cross-Site Scripting in bootstrap-vue (High)
GHSA-c7pp-x73h-4m2v was published for bootstrap-vue (npm) Sep 2, 2020
tdunlap607

Private Data Disclosure in express-restify-mongoose (High)
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607

Regular Expression Denial of Service in charset (High)
CVE-2017-16098 was published for charset (npm) Aug 9, 2018
tdunlap607

Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service (High)
GHSA-8x6c-cv3v-vp6g was published for cacheable-request (npm) Feb 11, 2023 (withdrawn)

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) (High)
CVE-2023-25653 was published for node-jose (npm) Feb 16, 2023
justaugustus bifurcation

convict vulnerable to Prototype Pollution (High)
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Captain-K-101

Prototype Pollution in putil-merge (High)
CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022

Incorrect sanitisation function leads to XSS in mermaid (High)
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022

Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp (High)
CVE-2022-39381 was published for hummus (npm) Nov 2, 2022
kilsen through-a-haze

fastify vulnerable to denial of service via malicious Content-Type (High)
CVE-2022-39288 was published for fastify (npm) Oct 11, 2022
B-i-t-K

Path Traversal in @backstage/plugin-scaffolder-backend (High)
CVE-2021-43783 was published for @backstage/plugin-scaffolder-backend (npm) Dec 1, 2021

Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend (High)
CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) Dec 1, 2021

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button (High)
CVE-2021-43785 was published for @joeattardi/emoji-button (npm) Dec 1, 2021
erik-krogh agustingianni

Clipboard-based XSS (High)
CVE-2021-41086 was published for jsuites (npm) Sep 22, 2021
intrigus-lgtm bananabr erik-krogh

XSS vulnerability in GraphQL Playground from untrusted schemas (High)
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK

GraphiQL introspection schema template injection attack (High)
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK

Cross Site Request Forgery in kindeditor (High)
CVE-2021-42228 was published for kindeditor (npm) Oct 18, 2021

Improper Input Validation in xdLocalStorage (High)
CVE-2015-9544 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath

Prototype Pollution in jquery-bbq (High)
CVE-2021-20086 was published for jquery-bbq (npm) May 24, 2021

Prototype Pollution in jquery-deparam (High)
CVE-2021-20087 was published for jquery-deparam (npm) May 24, 2021

Path Traversal in Yarn (High)
CVE-2020-8131 was published for yarn (npm) Feb 9, 2022

Advisories are also available from the GraphQL API.