GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

147 advisories

Cross-site Scripting in markdown-it-highlightjs Moderate
CVE-2020-7773 was published for markdown-it-highlightjs (npm) Feb 10, 2022
Cross-site scripting in lazysizes Moderate
CVE-2020-7642 was published for lazysizes (npm) Dec 10, 2021
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype
Dingjie-Daniel-Yang
Hexo Vulnerable to XSS Moderate
CVE-2021-25987 was published for hexo (npm) Dec 1, 2021
renbaoshuo
Cross-site Scripting in apostrophe Moderate
CVE-2021-25978 was published for apostrophe (npm) Nov 10, 2021
XSS vulnerability allowing arbitrary JavaScript execution Moderate
CVE-2021-41174 was published for @grafana/data (npm) Nov 8, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Path Traversal in @backstage/plugin-scaffolder-backend Moderate
CVE-2021-41151 was published for @backstage/plugin-scaffolder-backend (npm) Oct 19, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak
Cross-site Scripting in file-upload-with-preview Moderate
CVE-2021-23439 was published for file-upload-with-preview (npm) Sep 7, 2021
Unlimited transforms allowed for signed nodes Moderate
CVE-2021-39171 was published for passport-saml (npm) Aug 30, 2021
pp-ps
Clipboard-based DOM-XSS Moderate
CVE-2021-37700 was published for @github/paste-markdown (npm) Aug 12, 2021
bananabr
Misinterpretation of malicious XML input Moderate
CVE-2021-32796 was published for @xmldom/xmldom (npm) Aug 3, 2021
diptendur2c
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Path traversal Moderate
CVE-2021-32662 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Cross-site Scripting in lightning-server Moderate
CVE-2020-7747 was published for lightning-server (npm) May 10, 2021
Cross-site Scripting in Joplin Moderate
CVE-2020-15930 was published for joplin (npm) May 7, 2021
Improper Input Validation in Google Closure Library Moderate
CVE-2020-8910 was published for google-closure-library (npm) May 7, 2021
DOM XSS in Theme Preview Moderate
CVE-2021-29484 was published for ghost (npm) Apr 29, 2021
tdunlap607
Exposure of Resource to Wrong Sphere in valib Moderate
CVE-2019-10805 was published for valib (npm) Apr 13, 2021
Misinterpretation of malicious XML input Moderate
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
jupenur karfau
brodycj
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Docsify XSS Vulnerability Moderate
CVE-2021-23342 was published for docsify (npm) Mar 1, 2021
Prototype Pollution in highlight.js Moderate
CVE-2020-26237 was published for highlight.js (npm) Nov 24, 2020
turt2live allejo
joshgoebel