
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

147 advisories

matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees Moderate
CVE-2023-34459 was published for @openzeppelin/contracts (npm) Jun 19, 2023
Phishing attack vulnerability by uploading malicious HTML file Moderate
CVE-2023-32689 was published for parse-server (npm) May 31, 2023
dblythy mtrezza
textAngular Cross-site Scripting vulnerability Moderate
CVE-2021-32854 was published for textangular (npm) Feb 21, 2023
Vditor Cross-site Scripting vulnerability Moderate
CVE-2021-32855 was published for vditor (npm) Feb 21, 2023
Erxes vulnerable to Cross-site Scripting Moderate
CVE-2021-32853 was published for erxes (npm) Feb 21, 2023
Sequelize information disclosure vulnerability Moderate
CVE-2023-22580 was published for @sequelize/core (npm) Feb 16, 2023
Cross site scripting Vulnerability in backstage Software Catalog Moderate
CVE-2023-25571 was published for @backstage/catalog-model (npm) Feb 14, 2023
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
stsewd
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details Moderate
CVE-2022-39350 was published for @dependencytrack/frontend (npm) Oct 25, 2022
Waterstraal
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation Moderate
CVE-2022-39239 was published for @netlify/ipx (npm) Sep 21, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
Path traversal for local publishers in TechDocs backend Moderate
GHSA-4jqc-jvh2-pxg9 was published for @backstage/plugin-techdocs-node (npm) Jun 17, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Kibana Sensitive Data Disclosure Moderate
CVE-2021-37939 was published for kibana (npm) May 24, 2022
Cross-site Scripting in Auth0 Lock Moderate
CVE-2022-29172 was published for auth0-lock (npm) May 24, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content Moderate
CVE-2018-1000534 was published for joplin (npm) May 14, 2022
statics-server Cross-site Scripting vulnerability Moderate
CVE-2018-3771 was published for statics-server (npm) May 13, 2022
Prototype Pollution in dset Moderate
CVE-2022-25645 was published for dset (Maven) May 3, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload Moderate
CVE-2022-25854 was published for @yaireo/tagify (npm) Apr 30, 2022
Cross-site Scripting in @rocket.chat/livechat Moderate
CVE-2022-21830 was published for @rocket.chat/livechat (npm) Apr 3, 2022
Spoofing attack in swagger-ui-dist Moderate
CVE-2021-46708 was published for swagger-ui-dist (npm) Mar 12, 2022