GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
975 advisories
Joplin Vulnerable to Cross-site Scripting in Note Content
Moderate • CVE-2018-1000534 was published for joplin (npm) • May 14, 2022

Malicious PDF can inject JavaScript into PDF Viewer
High • CVE-2018-5158 was published for pdfjs-dist (npm) • May 14, 2022

statics-server Cross-site Scripting vulnerability
Moderate • CVE-2018-3771 was published for statics-server (npm) • May 13, 2022

Nuclide Improper Input Validation
Critical • CVE-2018-6333 was published for nuclide (npm) • May 13, 2022

Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High • CVE-2018-7160 was published for node-inspector (npm) • May 13, 2022 • withdrawn

Improper handling of multiline messages in node-irc
High • GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) • May 5, 2022

tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload
Moderate • CVE-2022-25854 was published for @yaireo/tagify (npm) • Apr 30, 2022

Incorrect protocol extraction via \r, \n and \t characters
High • CVE-2022-1243 was published for urijs (npm) • Apr 6, 2022

Cross-site Scripting in @rocket.chat/livechat
Moderate • CVE-2022-21830 was published for @rocket.chat/livechat (npm) • Apr 3, 2022

Embedded Malicious Code in node-ipc
Critical • CVE-2022-23812 was published for node-ipc (npm) • Mar 16, 2022

Spoofing attack in swagger-ui-dist
Moderate • CVE-2021-46708 was published for swagger-ui-dist (npm) • Mar 12, 2022

Cross-site Scripting in markdown-it-highlightjs
Moderate • CVE-2020-7773 was published for markdown-it-highlightjs (npm) • Feb 10, 2022

Joplin Vulnerable to Code Injection
Critical • CVE-2022-23340 was published for joplin (npm) • Feb 9, 2022

Prototype Pollution in putil-merge
High • CVE-2021-23470 was published for putil-merge (npm) • Feb 5, 2022

Infinite loop causing Denial of Service in colors
High • GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) • Jan 10, 2022

Incorrect sanitisation function leads to `XSS` in mermaid
High • CVE-2021-43861 was published for mermaid (npm) • Jan 6, 2022

Cross-site scripting in lazysizes
Moderate • CVE-2020-7642 was published for lazysizes (npm) • Dec 10, 2021

Improper Input Validation in xdLocalStorage
High • CVE-2015-9545 was published for xdLocalStorage (npm) • Dec 9, 2021

Improper Input Validation in xdLocalStorage
High • CVE-2015-9544 was published for xdLocalStorage (npm) • Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API.