GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
975 advisories
Filter by severity
Path traversal in webpack-dev-middleware
High
CVE-2024-29180
was published
for
webpack-dev-middleware
(npm)
Mar 21, 2024
RSSHub vulnerable to Server-Side Request Forgery
Moderate
CVE-2024-27927
was published
for
rsshub
(npm)
Mar 6, 2024
Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate
CVE-2022-32114
was published
for
@strapi/strapi
(npm)
Jul 14, 2022
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
High
CVE-2024-27303
was published
for
app-builder-lib
(npm)
Mar 4, 2024
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Moderate
CVE-2024-28239
was published
for
directus
(npm)
Mar 12, 2024
JSONata expression can pollute the "Object" prototype
Critical
CVE-2024-27307
was published
for
jsonata
(npm)
Mar 4, 2024
Directus version number disclosure
Moderate
CVE-2024-27296
was published
for
directus
(npm)
Mar 1, 2024
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Low
CVE-2024-27094
was published
for
@openzeppelin/contracts
(npm)
Feb 29, 2024
Misinterpretation of malicious XML input
Moderate
CVE-2021-32796
was published
for
@xmldom/xmldom
(npm)
Aug 3, 2021
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High
CVE-2024-26135
was published
for
meshcentral
(npm)
Feb 21, 2024
Undici's cookie header not cleared on cross-origin redirect in fetch
Low
CVE-2023-45143
was published
for
undici
(npm)
Oct 16, 2023
Unlimited transforms allowed for signed nodes
Moderate
CVE-2021-39171
was published
for
passport-saml
(npm)
Aug 30, 2021
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Duplicate Advisory: CKEditor Cross-site Scripting vulnerability
Moderate
GHSA-hxjc-9j8v-v9pr
was published
for
ckeditor4
(npm)
Nov 16, 2023
•
withdrawn
Yarn untrusted search path vulnerability
High
CVE-2021-4435
was published
for
yarn
(npm)
Feb 4, 2024
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
High
GHSA-wg2x-rv86-mmpx
was published
for
@keep-network/tbtc-v2
(npm)
Jan 19, 2024
botframework-connector vulnerable to Improper Authentication
Moderate
CVE-2021-1725
was published
for
botframework-connector
(npm)
Mar 8, 2021
ProTip!
Advisories are also available from the
GraphQL API