Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
XSS vulnerability in GraphQL Playground from untrusted schemas High
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader High
CVE-2020-28472 was published for @aws-sdk/shared-ini-file-loader (npm) Nov 16, 2021
kurt-r2c
Path Traversal in @backstage/plugin-scaffolder-backend High
CVE-2021-43783 was published for @backstage/plugin-scaffolder-backend (npm) Dec 1, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button High
CVE-2021-43785 was published for @joeattardi/emoji-button (npm) Dec 1, 2021
erik-krogh agustingianni
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend High
GHSA-2g8g-63j4-9w3r was published for @backstage/plugin-scaffolder-backend (npm) Dec 1, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend High
CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) Dec 1, 2021
Improper Input Validation in xdLocalStorage High
CVE-2015-9544 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Improper Input Validation in xdLocalStorage High
CVE-2015-9545 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath
Prototype Pollution in putil-merge High
CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022
Path Traversal in Yarn High
CVE-2020-8131 was published for yarn (npm) Feb 9, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
cristianstaicu arjunshibu
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding High
CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 withdrawn
Malicious PDF can inject JavaScript into PDF Viewer High
CVE-2018-5158 was published for pdfjs-dist (npm) May 14, 2022
Rob--W
Crash in HeaderParser in dicer High
CVE-2022-24434 was published for dicer (Maven) May 21, 2022
dloetzke
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Total.js CMS Path Traversal High
CVE-2019-15952 was published for total4 (npm) May 24, 2022
Cezerin Unauthorized Acces High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database