Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

395 advisories

Loading
http-cache-semantics vulnerable to Regular Expression Denial of Service High
CVE-2022-25881 was published for http-cache-semantics (Maven) Jan 31, 2023
tdunlap607
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service High
GHSA-8x6c-cv3v-vp6g was published for cacheable-request (npm) Feb 11, 2023 withdrawn
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) High
CVE-2023-25653 was published for node-jose (npm) Feb 16, 2023
justaugustus bifurcation
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry eltigerchino dominikg
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme High
CVE-2023-34245 was published for @udecode/plate-link (npm) Jun 9, 2023
OliverWales
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
is_js vulnerable to Regular Expression Denial of Service High
CVE-2020-26302 was published for is_js (npm) Jul 6, 2023
pnpm incorrectly parses tar archives relative to specification High
CVE-2023-37478 was published for @pnpm/cafs (npm) Aug 1, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
json-web-token library is vulnerable to a JWT algorithm confusion attack High
CVE-2023-48238 was published for json-web-token (npm) Nov 17, 2023
PinkDraconian
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
SPV Merkle proof malleability allows the maintainer to prove invalid transactions High
GHSA-wg2x-rv86-mmpx was published for @keep-network/tbtc-v2 (npm) Jan 19, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability High
CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) Jan 30, 2024
phryneas
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability High
CVE-2024-26135 was published for meshcentral (npm) Feb 21, 2024
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) High
CVE-2024-27303 was published for app-builder-lib (npm) Mar 4, 2024
bruno-1337
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
dectalk-tts Uses Unencrypted HTTP Request High
CVE-2024-31206 was published for dectalk-tts (npm) Apr 4, 2024
AverageHelper JstnMcBrd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database