GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
Composer 4,133 | Erlang 29 | GitHub Actions 19 | Go 1,940 | Maven 5,000+ | npm 3,677 | NuGet 645 | pip 3,295 | Pub 11 | RubyGems 877 | Rust 830 | Swift 35
Unreviewed advisories (all unreviewed): 5,000+

395 advisories match the current filter (the entries below are all npm packages rated High):
GHSA-f478-xwv9-p93q [High] Duplicate Advisory: Kerberos for NodeJS allows DLL Injection; kerberos (npm); published May 24, 2022; withdrawn
CVE-2021-20083 [High] jquery-plugin-query-object contains prototype pollution vulnerability; jquery-query-object (npm); published May 24, 2022
CVE-2021-42057 [High] Obsidian Dataview vulnerable to code injection due to unsafe eval; obsidian-dataview (npm); published May 24, 2022
CVE-2021-20088 [High] mootools-more vulnerable to prototype pollution; mootools-more (npm); published May 24, 2022
CVE-2022-29219 [High] AttesterSlashing number overflow; @chainsafe/lodestar (npm); published May 24, 2022
CVE-2022-31142 [High] fastify-bearer-auth vulnerable to Timing Attack Vector; @fastify/bearer-auth (npm); published Jul 15, 2022
CVE-2020-26938 [High] oauth2-server through 3.1.1 vulnerable to Open Redirect; oauth2-server (npm); published Aug 30, 2022
CVE-2022-39249 [High] matrix-js-sdk subject to impersonated messages due to permissive key forwarding; matrix-js-sdk (npm); published Sep 30, 2022
CVE-2022-39251 [High] matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion; matrix-js-sdk (npm); published Sep 30, 2022
CVE-2022-39250 [High] matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification; matrix-js-sdk (npm); published Sep 30, 2022
CVE-2022-39287 [High] tiny-csrf has openly visible CSRF tokens; tiny-csrf (npm); published Oct 7, 2022
CVE-2022-39288 [High] fastify vulnerable to denial of service via malicious Content-Type; fastify (npm); published Oct 11, 2022
CVE-2022-37599 [High] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS); loader-utils (npm); published Oct 12, 2022
CVE-2022-37603 [High] loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable; loader-utils (npm); published Oct 14, 2022
CVE-2022-41709 [High] Markdownify subject to Remote Code Execution via malicious markdown file; electron-markdownify (npm); published Oct 19, 2022
CVE-2022-25892 [High] muhammara and hummus vulnerable to denial of service by NULL pointer dereference; hummus (npm); published Nov 1, 2022
CVE-2022-39381 [High] Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp; hummus (npm); published Nov 2, 2022
GHSA-3qmc-2r76-4rqp [High] Redwood is vulnerable to account takeover via dbAuth "forgot-password"; @redwoodjs/api (npm); published Nov 10, 2022
CVE-2022-41957 [High] muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference; hummus (npm); published Dec 5, 2022
CVE-2022-23487 [High] libp2p DoS vulnerability from lack of resource management; libp2p (npm); published Dec 7, 2022
CVE-2022-23529 [High] jsonwebtoken has insecure input validation in jwt.verify function; jsonwebtoken (npm); published Dec 22, 2022; withdrawn
CVE-2023-0163 [High] convict vulnerable to Prototype Pollution; convict (npm); published Jan 10, 2023
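Three of the advisories in this list (jquery-query-object, mootools-more, convict) are prototype pollution findings. The following is an added illustration of that vulnerability class in general, not code taken from any of those packages or from GitHub: a recursive "merge user-supplied options into defaults" helper of the shape such advisories describe, next to a hardened version. The attacker JSON and the default-options object are constructed for the demo; `unsafeMerge`, `safeMerge`, `isPlainObject` and `demo` are names chosen here.

```javascript
// Added example: prototype pollution via a recursive merge, and its fix.
// Not code from jquery-query-object, mootools-more or convict.

// Vulnerable: walks every key of `source`, including "__proto__". On a plain
// object target, target["__proto__"] resolves to Object.prototype, so the
// recursion writes the attacker's nested keys onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a merge reach a prototype object instead of a plain value.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Hardened: drops the prototype-reaching keys and only recurses into a property
// the target owns itself, never one inherited through the prototype chain.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker-controlled input (think: a parsed query string or a
// config fragment). JSON.parse creates an *own* data property literally named
// "__proto__", which is why it shows up in Object.keys() and reaches the merge.
const ATTACKER_JSON = '{"debug": true, "__proto__": {"isAdmin": true}}';

function demo() {
  const payload = JSON.parse(ATTACKER_JSON);

  unsafeMerge({}, payload);
  const pollutedByUnsafe = ({}).isAdmin === true;   // true: a fresh object now "has" isAdmin
  delete Object.prototype.isAdmin;                   // undo the pollution for the rest of the process

  const out = safeMerge({ debug: false, db: { host: 'localhost' } }, payload);
  const pollutedBySafe = ({}).isAdmin === true;      // false: the key was dropped
  return { pollutedByUnsafe, pollutedBySafe, out };
}
```

The `hasOwnProperty` check matters as much as the key blocklist: a merge that recurses into an inherited property (for example `target.constructor`) can still reach a prototype through a path the blocklist does not name. Code that needs to accept arbitrary keys is better off building the result with `Object.create(null)` or a `Map`, where there is no prototype to pollute.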
Advisories are also available from the GraphQL API.