GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
975 advisories
Filter by severity
convert-svg-core vulnerable to remote code injection
Critical
CVE-2022-25759
was published
for
convert-svg-core
(npm)
Jul 23, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector
High
CVE-2022-31142
was published
for
@fastify/bearer-auth
(npm)
Jul 15, 2022
Strapi 4.1.12 Cross-site Scripting via crafted file
Moderate
CVE-2022-32114
was published
for
@strapi/strapi
(npm)
Jul 14, 2022
Path traversal for local publishers in TechDocs backend
Moderate
GHSA-4jqc-jvh2-pxg9
was published
for
@backstage/plugin-techdocs-node
(npm)
Jun 17, 2022
AutoUpdater module fails to validate certain nested components of the bundle
Moderate
CVE-2022-29257
was published
for
electron
(npm)
Jun 16, 2022
Kibana Sensitive Data Disclosure
Moderate
CVE-2021-37939
was published
for
kibana
(npm)
May 24, 2022
AttesterSlashing number overflow
High
CVE-2022-29219
was published
for
@chainsafe/lodestar
(npm)
May 24, 2022
mootools-more vulnerable to prototype pollution
High
CVE-2021-20088
was published
for
mootools-more
(npm)
May 24, 2022
Cross-site Scripting in Auth0 Lock
Moderate
CVE-2022-29172
was published
for
auth0-lock
(npm)
May 24, 2022
Obsidian Dataview vulnerable to code injection due to unsafe eval
High
CVE-2021-42057
was published
for
obsidian-dataview
(npm)
May 24, 2022
deep-defaults vulnerable to prototype pollution
Critical
CVE-2021-25944
was published
for
deep-defaults
(npm)
May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability
High
CVE-2021-20083
was published
for
jquery-query-object
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Low
CVE-2021-20066
was published
for
jsdom
(npm)
May 24, 2022
•
withdrawn
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
keyget vulnerable to prototype pollution
Critical
CVE-2020-28272
was published
for
keyget
(npm)
May 24, 2022
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection
High
GHSA-f478-xwv9-p93q
was published
for
kerberos
(npm)
May 24, 2022
•
withdrawn
Improper handling of multiline messages in node-irc affects matrix-appservice-irc
High
CVE-2022-29166
was published
for
matrix-appservice-irc
(npm)
May 23, 2022
ProTip!
Advisories are also available from the
GraphQL API