GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
975 advisories
Server side request forgery in SwaggerUI
Moderate. GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) on Dec 9, 2021.

Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
High. CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) on Dec 1, 2021.

RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
High. GHSA-2g8g-63j4-9w3r was published for @backstage/plugin-scaffolder-backend (npm) on Dec 1, 2021.

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
High. CVE-2021-43785 was published for @joeattardi/emoji-button (npm) on Dec 1, 2021.

Path Traversal in @backstage/plugin-scaffolder-backend
High. CVE-2021-43783 was published for @backstage/plugin-scaffolder-backend (npm) on Dec 1, 2021.

XSS via prototype pollution in NodeBB
Critical. CVE-2021-43787 was published for nodebb (npm) on Nov 30, 2021.

Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
High. CVE-2020-28472 was published for @aws-sdk/shared-ini-file-loader (npm) on Nov 16, 2021.

Cross-site Scripting in apostrophe
Moderate. CVE-2021-25978 was published for apostrophe (npm) on Nov 10, 2021.

XSS vulnerability allowing arbitrary JavaScript execution
Moderate. CVE-2021-41174 was published for @grafana/data (npm) on Nov 8, 2021.

XSS vulnerability in GraphQL Playground from untrusted schemas
High. CVE-2021-41249 was published for graphql-playground-react (npm) on Nov 8, 2021.

GraphiQL introspection schema template injection attack
High. CVE-2021-41248 was published for graphiql (npm) on Nov 8, 2021.

Embedded malware in ua-parser-js
High. GHSA-pjwm-rvh2-c87w was published for ua-parser-js (npm) on Oct 22, 2021.

Cross-site scripting vulnerability in TinyMCE
Moderate. CVE-2024-21908 was published for TinyMCE (Composer) on Oct 22, 2021.

Path Traversal in @backstage/plugin-scaffolder-backend
Moderate. CVE-2021-41151 was published for @backstage/plugin-scaffolder-backend (npm) on Oct 19, 2021.

Cross Site Request Forgery in kindeditor
High. CVE-2021-42228 was published for kindeditor (npm) on Oct 18, 2021.

SQL Injection and Cross-site Scripting in class-validator
Critical. CVE-2019-18413 was published for class-validator (npm) on Oct 12, 2021.

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate. CVE-2021-40823 was published for matrix-js-sdk (npm) on Sep 14, 2021.

Cross-site Scripting in file-upload-with-preview
Moderate. CVE-2021-23439 was published for file-upload-with-preview (npm) on Sep 7, 2021.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Critical. GHSA-2c83-wfv3-q25f was published for rebber (npm) on Sep 7, 2021.

Incorrect version tags linked to external repository
Critical. GHSA-593v-wcqx-hq2w was published for parse-server (npm) on Sep 7, 2021.

Remote code execution in Eclipse Theia
High. CVE-2021-34435 was published for @theia/mini-browser (npm) on Sep 2, 2021.
ProTip! Advisories are also available from the GraphQL API.