GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
975 advisories
Filter by severity
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Backstage Scaffolder plugin has insecure sandbox
High
CVE-2023-35926
was published
for
@backstage/plugin-scaffolder-backend
(npm)
Jun 21, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate
CVE-2023-34459
was published
for
@openzeppelin/contracts
(npm)
Jun 19, 2023
Snowflake NodeJS Driver vulnerable to Command Injection
High
CVE-2023-34232
was published
for
snowflake-sdk
(npm)
Jun 9, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
High
CVE-2023-34245
was published
for
@udecode/plate-link
(npm)
Jun 9, 2023
Phishing attack vulnerability by uploading malicious HTML file
Moderate
CVE-2023-32689
was published
for
parse-server
(npm)
May 31, 2023
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
jsreport vulnerable to code injection
Critical
CVE-2023-2583
was published
for
jsreport
(npm)
May 8, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Imperative CLI vulnerable to Command Injection
Low
CVE-2021-4326
was published
for
@zowe/imperative
(npm)
Mar 1, 2023
textAngular Cross-site Scripting vulnerability
Moderate
CVE-2021-32854
was published
for
textangular
(npm)
Feb 21, 2023
Vditor Cross-site Scripting vulnerability
Moderate
CVE-2021-32855
was published
for
vditor
(npm)
Feb 21, 2023
Erxes vulnerable to Cross-site Scripting
Moderate
CVE-2021-32853
was published
for
erxes
(npm)
Feb 21, 2023
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
High
CVE-2023-25653
was published
for
node-jose
(npm)
Feb 16, 2023
Sequelize information disclosure vulnerability
Moderate
CVE-2023-22580
was published
for
@sequelize/core
(npm)
Feb 16, 2023
Cross site scripting Vulnerability in backstage Software Catalog
Moderate
CVE-2023-25571
was published
for
@backstage/catalog-model
(npm)
Feb 14, 2023
Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
High
GHSA-8x6c-cv3v-vp6g
was published
for
cacheable-request
(npm)
Feb 11, 2023
•
withdrawn
http-cache-semantics vulnerable to Regular Expression Denial of Service
High
CVE-2022-25881
was published
for
http-cache-semantics
(Maven)
Jan 31, 2023
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
jsonwebtoken has insecure input validation in jwt.verify function
High
CVE-2022-23529
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
•
withdrawn
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
ProTip!
Advisories are also available from the
GraphQL API