GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
matrix-react-sdk vulnerable to XSS in Export Chat feature
Moderate
CVE-2023-37259
was published
for
matrix-react-sdk
(npm)
Jul 18, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate
CVE-2023-34459
was published
for
@openzeppelin/contracts
(npm)
Jun 19, 2023
Phishing attack vulnerability by uploading malicious HTML file
Moderate
CVE-2023-32689
was published
for
parse-server
(npm)
May 31, 2023
textAngular Cross-site Scripting vulnerability
Moderate
CVE-2021-32854
was published
for
textangular
(npm)
Feb 21, 2023
Vditor Cross-site Scripting vulnerability
Moderate
CVE-2021-32855
was published
for
vditor
(npm)
Feb 21, 2023
Erxes vulnerable to Cross-site Scripting
Moderate
CVE-2021-32853
was published
for
erxes
(npm)
Feb 21, 2023
Sequelize information disclosure vulnerability
Moderate
CVE-2023-22580
was published
for
@sequelize/core
(npm)
Feb 16, 2023
Cross site scripting Vulnerability in backstage Software Catalog
Moderate
CVE-2023-25571
was published
for
@backstage/catalog-model
(npm)
Feb 14, 2023
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Markdownify has Files or Directories Accessible to External Parties
Moderate
CVE-2022-41710
was published
for
electron-markdownify
(npm)
Nov 4, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Moderate
CVE-2022-39350
was published
for
@dependencytrack/frontend
(npm)
Oct 25, 2022
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
Moderate
CVE-2022-39239
was published
for
@netlify/ipx
(npm)
Sep 21, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate
CVE-2022-32114
was published
for
@strapi/strapi
(npm)
Jul 14, 2022
Path traversal for local publishers in TechDocs backend
Moderate
GHSA-4jqc-jvh2-pxg9
was published
for
@backstage/plugin-techdocs-node
(npm)
Jun 17, 2022
AutoUpdater module fails to validate certain nested components of the bundle
Moderate
CVE-2022-29257
was published
for
electron
(npm)
Jun 16, 2022
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
Cross-site Scripting in Auth0 Lock
Moderate
CVE-2022-29172
was published
for
auth0-lock
(npm)
May 24, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content
Moderate
CVE-2018-1000534
was published
for
joplin
(npm)
May 14, 2022
statics-server Cross-site Scripting vulnerability
Moderate
CVE-2018-3771
was published
for
statics-server
(npm)
May 13, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload
Moderate
CVE-2022-25854
was published
for
@yaireo/tagify
(npm)
Apr 30, 2022
Cross-site Scripting in @rocket.chat/livechat
Moderate
CVE-2022-21830
was published
for
@rocket.chat/livechat
(npm)
Apr 3, 2022
Spoofing attack in swagger-ui-dist
Moderate
CVE-2021-46708
was published
for
swagger-ui-dist
(npm)
Mar 12, 2022
ProTip!
Advisories are also available from the
GraphQL API