GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
GraphiQL introspection schema template injection attack
High
CVE-2021-41248
was published
for
graphiql
(npm)
Nov 8, 2021
XSS vulnerability in GraphQL Playground from untrusted schemas
High
CVE-2021-41249
was published
for
graphql-playground-react
(npm)
Nov 8, 2021
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
High
CVE-2020-28472
was published
for
@aws-sdk/shared-ini-file-loader
(npm)
Nov 16, 2021
Path Traversal in @backstage/plugin-scaffolder-backend
High
CVE-2021-43783
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Dec 1, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
High
CVE-2021-43785
was published
for
@joeattardi/emoji-button
(npm)
Dec 1, 2021
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
High
GHSA-2g8g-63j4-9w3r
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Dec 1, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
High
CVE-2021-43776
was published
for
@backstage/plugin-auth-backend
(npm)
Dec 1, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9544
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Improper Input Validation in xdLocalStorage
High
CVE-2015-9545
was published
for
xdLocalStorage
(npm)
Dec 9, 2021
Incorrect sanitisation function leads to `XSS` in mermaid
High
CVE-2021-43861
was published
for
mermaid
(npm)
Jan 6, 2022
Infinite loop causing Denial of Service in colors
High
GHSA-5rqg-jm4f-cqx7
was published
for
Colors
(npm)
Jan 10, 2022
Prototype Pollution in putil-merge
High
CVE-2021-23470
was published
for
putil-merge
(npm)
Feb 5, 2022
Incorrect protocol extraction via \r, \n and \t characters
High
CVE-2022-1243
was published
for
urijs
(npm)
Apr 6, 2022
Improper handling of multiline messages in node-irc
High
GHSA-52rh-5rpj-c3w6
was published
for
matrix-org-irc
(npm)
May 5, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High
CVE-2018-7160
was published
for
node-inspector
(npm)
May 13, 2022
•
withdrawn
Malicious PDF can inject JavaScript into PDF Viewer
High
CVE-2018-5158
was published
for
pdfjs-dist
(npm)
May 14, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High
CVE-2022-29166
was published
for
matrix-appservice-irc
(npm)
May 23, 2022
ProTip!
Advisories are also available from the
GraphQL API