GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

975 advisories

convert-svg-core vulnerable to remote code injection Critical
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
Improper handling of email input High
CVE-2022-31127 was published for next-auth (npm) Jul 6, 2022
Sandiipmaity
Path traversal for local publishers in TechDocs backend Moderate
GHSA-4jqc-jvh2-pxg9 was published for @backstage/plugin-techdocs-node (npm) Jun 17, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Kibana Sensitive Data Disclosure Moderate
CVE-2021-37939 was published for kibana (npm) May 24, 2022
AttesterSlashing number overflow High
CVE-2022-29219 was published for @chainsafe/lodestar (npm) May 24, 2022
mootools-more vulnerable to prototype pollution High
CVE-2021-20088 was published for mootools-more (npm) May 24, 2022
Cross-site Scripting in Auth0 Lock Moderate
CVE-2022-29172 was published for auth0-lock (npm) May 24, 2022
Obsidian Dataview vulnerable to code injection due to unsafe eval High
CVE-2021-42057 was published for obsidian-dataview (npm) May 24, 2022
deep-defaults vulnerable to prototype pollution Critical
CVE-2021-25944 was published for deep-defaults (npm) May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability High
CVE-2021-20083 was published for jquery-query-object (npm) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom Low
CVE-2021-20066 was published for jsdom (npm) May 24, 2022 withdrawn
jhagege
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
keyget vulnerable to prototype pollution Critical
CVE-2020-28272 was published for keyget (npm) May 24, 2022
Duplicate Advisory: Kerberos for NodeJS allows DLL Injection High
GHSA-f478-xwv9-p93q was published for kerberos (npm) May 24, 2022 withdrawn
Cezerin Unauthorized Access High
CVE-2019-18608 was published for cezerin (npm) May 24, 2022
Total.js CMS Path Traversal High
CVE-2019-15952 was published for total4 (npm) May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
Improper handling of multiline messages in node-irc affects matrix-appservice-irc High
CVE-2022-29166 was published for matrix-appservice-irc (npm) May 23, 2022
Crash in HeaderParser in dicer High
CVE-2022-24434 was published for dicer (Maven) May 21, 2022
dloetzke