GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open-source software.

975 advisories

snyk Code Injection vulnerability [High]
CVE-2022-24441, published for snyk (npm) on Jul 6, 2023

git-commit-info vulnerable to Command Injection [Critical]
CVE-2023-26134, published for git-commit-info (npm) on Jun 28, 2023

Backstage Scaffolder plugin has insecure sandbox [High]
CVE-2023-35926, published for @backstage/plugin-scaffolder-backend (npm) on Jun 21, 2023

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees [Moderate]
CVE-2023-34459, published for @openzeppelin/contracts (npm) on Jun 19, 2023

Snowflake NodeJS Driver vulnerable to Command Injection [High]
CVE-2023-34232, published for snowflake-sdk (npm) on Jun 9, 2023

@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme [High]
CVE-2023-34245, published for @udecode/plate-link (npm) on Jun 9, 2023
Credited: OliverWales

Phishing attack vulnerability via malicious HTML file upload [Moderate]
CVE-2023-32689, published for parse-server (npm) on May 31, 2023
Credited: dblythy, mtrezza

Malware in pre-built binaries of bignum [Critical]
GHSA-7cgc-fjv4-52x6, published for bignum (npm) on May 24, 2023
Credited: calebbrown, rvagg

jsreport vulnerable to code injection [Critical]
CVE-2023-2583, published for jsreport (npm) on May 8, 2023

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin [Critical]
CVE-2023-22621, published for @strapi/plugin-email (npm) on Apr 19, 2023
Credited: derrickmehaffy, Ccamm, Convly

SvelteKit framework has insufficient CSRF protection for CORS requests [High]
CVE-2023-29008, published for @sveltejs/kit (npm) on Apr 7, 2023
Credited: Ry0taK, benmccann, dominikg, Conduitry

SvelteKit vulnerable to Cross-Site Request Forgery [High]
CVE-2023-29003, published for @sveltejs/kit (npm) on Apr 4, 2023
Credited: v1ktor0t, benmccann, Conduitry, eltigerchino, dominikg

Imperative CLI vulnerable to Command Injection [Low]
CVE-2021-4326, published for @zowe/imperative (npm) on Mar 1, 2023
Credited: MarkAckert

textAngular Cross-site Scripting vulnerability [Moderate]
CVE-2021-32854, published for textangular (npm) on Feb 21, 2023

Vditor Cross-site Scripting vulnerability [Moderate]
CVE-2021-32855, published for vditor (npm) on Feb 21, 2023

Erxes vulnerable to Cross-site Scripting [Moderate]
CVE-2021-32853, published for erxes (npm) on Feb 21, 2023

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) [High]
CVE-2023-25653, published for node-jose (npm) on Feb 16, 2023
Credited: justaugustus, bifurcation

Sequelize information disclosure vulnerability [Moderate]
CVE-2023-22580, published for @sequelize/core (npm) on Feb 16, 2023

Cross-site scripting vulnerability in Backstage Software Catalog [Moderate]
CVE-2023-25571, published for @backstage/catalog-model (npm) on Feb 14, 2023

Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service [High]
GHSA-8x6c-cv3v-vp6g, published for cacheable-request (npm) on Feb 11, 2023 (withdrawn)

http-cache-semantics vulnerable to Regular Expression Denial of Service [High]
CVE-2022-25881, published for http-cache-semantics (Maven) on Jan 31, 2023
Credited: tdunlap607

RSSHub SSRF vulnerability [High]
CVE-2023-22493, published for rsshub (npm) on Jan 11, 2023
Credited: dwisiswant0

convict vulnerable to Prototype Pollution [High]
CVE-2023-0163, published for convict (npm) on Jan 10, 2023
Credited: Captain-K-101

jsonwebtoken has insecure input validation in jwt.verify function [High]
CVE-2022-23529, published for jsonwebtoken (npm) on Dec 22, 2022 (withdrawn)

Cross-site scripting vulnerability in TinyMCE alerts [Moderate]
CVE-2022-23494, published for TinyMCE (Composer) on Dec 8, 2022
Credited: P4rkJW