GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
421 advisories
Filter by severity
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Critical
CVE-2024-32964
was published
for
@lobehub/chat
(npm)
May 10, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
JSONata expression can pollute the "Object" prototype
Critical
CVE-2024-27307
was published
for
jsonata
(npm)
Mar 4, 2024
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
external-svg-loader Cross-site Scripting vulnerability
Critical
CVE-2023-40013
was published
for
external-svg-loader
(npm)
Aug 14, 2023
git-commit-info vulnerable to Command Injection
Critical
CVE-2023-26134
was published
for
git-commit-info
(npm)
Jun 28, 2023
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
jsreport vulnerable to code injection
Critical
CVE-2023-2583
was published
for
jsreport
(npm)
May 8, 2023
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Critical
CVE-2023-22621
was published
for
@strapi/plugin-email
(npm)
Apr 19, 2023
Insufficient validation when decoding a Socket.IO packet
Critical
CVE-2022-2421
was published
for
socket.io-parser
(npm)
Oct 26, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
convert-svg-core vulnerable to remote code injection
Critical
CVE-2022-25759
was published
for
convert-svg-core
(npm)
Jul 23, 2022
deep-defaults vulnerable to prototype pollution
Critical
CVE-2021-25944
was published
for
deep-defaults
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
keyget vulnerable to prototype pollution
Critical
CVE-2020-28272
was published
for
keyget
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API