GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

975 advisories

Joplin Vulnerable to Cross-site Scripting in Note Content Moderate
CVE-2018-1000534 was published for joplin (npm) May 14, 2022
Malicious PDF can inject JavaScript into PDF Viewer High
CVE-2018-5158 was published for pdfjs-dist (npm) May 14, 2022
Rob--W
statics-server Cross-site Scripting vulnerability Moderate
CVE-2018-3771 was published for statics-server (npm) May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding High
CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 withdrawn
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
kurt-r2c
Prototype Pollution in dset Moderate
CVE-2022-25645 was published for dset (Maven) May 3, 2022
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload Moderate
CVE-2022-25854 was published for @yaireo/tagify (npm) Apr 30, 2022
Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
cristianstaicu arjunshibu
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
Incorrect protocol extraction via \r, \n and \t characters High
CVE-2022-1243 was published for urijs (npm) Apr 6, 2022
Haxatron chrisbloom7
Cross-site Scripting in @rocket.chat/livechat Moderate
CVE-2022-21830 was published for @rocket.chat/livechat (npm) Apr 3, 2022
Untrusted Search Path in PNPM High
CVE-2022-26183 was published for pnpm (npm) Mar 23, 2022
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Spoofing attack in swagger-ui-dist Moderate
CVE-2021-46708 was published for swagger-ui-dist (npm) Mar 12, 2022
Cross-site Scripting in markdown-it-highlightjs Moderate
CVE-2020-7773 was published for markdown-it-highlightjs (npm) Feb 10, 2022
Code Injection in jsen High
CVE-2020-7777 was published for jsen (npm) Feb 10, 2022
Path Traversal in Yarn High
CVE-2020-8131 was published for yarn (npm) Feb 9, 2022
Joplin Vulnerable to Code Injection Critical
CVE-2022-23340 was published for joplin (npm) Feb 9, 2022
Prototype Pollution in putil-merge High
CVE-2021-23470 was published for putil-merge (npm) Feb 5, 2022
Infinite loop causing Denial of Service in colors High
GHSA-5rqg-jm4f-cqx7 was published for Colors (npm) Jan 10, 2022
G-Rath
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
Cross-site scripting in lazysizes Moderate
CVE-2020-7642 was published for lazysizes (npm) Dec 10, 2021
Improper Input Validation in xdLocalStorage High
CVE-2015-9545 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
Improper Input Validation in xdLocalStorage High
CVE-2015-9544 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath