GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
975 advisories
Filter by severity
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23487
was published
for
libp2p
(npm)
Dec 7, 2022
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
High
CVE-2022-41957
was published
for
hummus
(npm)
Dec 5, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
High
GHSA-3qmc-2r76-4rqp
was published
for
@redwoodjs/api
(npm)
Nov 10, 2022
Markdownify has Files or Directories Accessible to External Parties
Moderate
CVE-2022-41710
was published
for
electron-markdownify
(npm)
Nov 4, 2022
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
High
CVE-2022-39381
was published
for
hummus
(npm)
Nov 2, 2022
muhammara and hummus vulnerable to denial of service by NULL pointer dereference
High
CVE-2022-25892
was published
for
hummus
(npm)
Nov 1, 2022
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Moderate
CVE-2022-39350
was published
for
@dependencytrack/frontend
(npm)
Oct 25, 2022
Markdownify subject to Remote Code Execution via malicious markdown file
High
CVE-2022-41709
was published
for
electron-markdownify
(npm)
Oct 19, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
High
CVE-2022-37603
was published
for
loader-utils
(npm)
Oct 14, 2022
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
High
CVE-2022-37599
was published
for
loader-utils
(npm)
Oct 12, 2022
fastify vulnerable to denial of service via malicious Content-Type
High
CVE-2022-39288
was published
for
fastify
(npm)
Oct 11, 2022
tiny-csrf has openly visible CSRF tokens
High
CVE-2022-39287
was published
for
tiny-csrf
(npm)
Oct 7, 2022
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
High
CVE-2022-39250
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
High
CVE-2022-39251
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding
High
CVE-2022-39249
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
Moderate
CVE-2022-39239
was published
for
@netlify/ipx
(npm)
Sep 21, 2022
oauth2-server through 3.1.1 vulnerable to Open Redirect
High
CVE-2020-26938
was published
for
oauth2-server
(npm)
Aug 30, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
ProTip!
Advisories are also available from the
GraphQL API