GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
147 advisories
Cross-site Scripting in markdown-it-highlightjs
Moderate: CVE-2020-7773 was published for markdown-it-highlightjs (npm), Feb 10, 2022

Cross-site scripting in lazysizes
Moderate: CVE-2020-7642 was published for lazysizes (npm), Dec 10, 2021

Server side request forgery in SwaggerUI
Moderate: GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm), Dec 9, 2021

Cross-site Scripting in apostrophe
Moderate: CVE-2021-25978 was published for apostrophe (npm), Nov 10, 2021

XSS vulnerability allowing arbitrary JavaScript execution
Moderate: CVE-2021-41174 was published for @grafana/data (npm), Nov 8, 2021

Cross-site scripting vulnerability in TinyMCE
Moderate: CVE-2024-21908 was published for TinyMCE (Composer), Oct 22, 2021

Path Traversal in @backstage/plugin-scaffolder-backend
Moderate: CVE-2021-41151 was published for @backstage/plugin-scaffolder-backend (npm), Oct 19, 2021

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate: CVE-2021-40823 was published for matrix-js-sdk (npm), Sep 14, 2021

Cross-site Scripting in file-upload-with-preview
Moderate: CVE-2021-23439 was published for file-upload-with-preview (npm), Sep 7, 2021

Unlimited transforms allowed for signed nodes
Moderate: CVE-2021-39171 was published for passport-saml (npm), Aug 30, 2021

Clipboard-based DOM-XSS
Moderate: CVE-2021-37700 was published for @github/paste-markdown (npm), Aug 12, 2021

Misinterpretation of malicious XML input
Moderate: CVE-2021-32796 was published for @xmldom/xmldom (npm), Aug 3, 2021

Script injection
Moderate: CVE-2021-32660 was published for @backstage/techdocs-common (npm), Jun 4, 2021

Script injection
Moderate: CVE-2021-32661 was published for @backstage/plugin-techdocs (npm), Jun 4, 2021

Path traversal
Moderate: CVE-2021-32662 was published for @backstage/techdocs-common (npm), Jun 4, 2021

Cross-site Scripting in lightning-server
Moderate: CVE-2020-7747 was published for lightning-server (npm), May 10, 2021

Improper Input Validation in Google Closure Library
Moderate: CVE-2020-8910 was published for google-closure-library (npm), May 7, 2021

Exposure of Resource to Wrong Sphere in valib
Moderate: CVE-2019-10805 was published for valib (npm), Apr 13, 2021

Misinterpretation of malicious XML input
Moderate: CVE-2021-21366 was published for xmldom (npm), Mar 12, 2021

botframework-connector vulnerable to Improper Authentication
Moderate: CVE-2021-1725 was published for botframework-connector (npm), Mar 8, 2021

Prototype Pollution in highlight.js
Moderate: CVE-2020-26237 was published for highlight.js (npm), Nov 24, 2020

ProTip! Advisories are also available from the GraphQL API