GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
395 advisories
Filter by severity
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
High
GHSA-8x6c-cv3v-vp6g
was published
for
cacheable-request
(npm)
Feb 11, 2023
•
withdrawn
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
High
CVE-2023-25653
was published
for
node-jose
(npm)
Feb 16, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
High
CVE-2023-34245
was published
for
@udecode/plate-link
(npm)
Jun 9, 2023
Snowflake NodeJS Driver vulnerable to Command Injection
High
CVE-2023-34232
was published
for
snowflake-sdk
(npm)
Jun 9, 2023
Backstage Scaffolder plugin has insecure sandbox
High
CVE-2023-35926
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Jun 21, 2023
is_js vulnerable to Regular Expression Denial of Service
High
CVE-2020-26302
was published
for
is_js
(npm)
Jul 6, 2023
pnpm incorrectly parses tar archives relative to specification
High
CVE-2023-37478
was published
for
@pnpm/cafs
(npm)
Aug 1, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory
High
GHSA-r3hf-q8q7-fv2p
was published
for
@nguniversal/common
(npm)
Aug 9, 2023
node-qpdf vulnerable to command injection
High
CVE-2023-26155
was published
for
node-qpdf
(npm)
Oct 14, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
mockjs vulnerable to Prototype Pollution via the Util.extend function
High
CVE-2023-26158
was published
for
mockjs
(npm)
Dec 8, 2023
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
High
GHSA-wg2x-rv86-mmpx
was published
for
@keep-network/tbtc-v2
(npm)
Jan 19, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
Yarn untrusted search path vulnerability
High
CVE-2021-4435
was published
for
yarn
(npm)
Feb 4, 2024
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High
CVE-2024-26135
was published
for
meshcentral
(npm)
Feb 21, 2024
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
High
CVE-2024-27303
was published
for
app-builder-lib
(npm)
Mar 4, 2024
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
dectalk-tts Uses Unencrypted HTTP Request
High
CVE-2024-31206
was published
for
dectalk-tts
(npm)
Apr 4, 2024
ProTip!
Advisories are also available from the
GraphQL API