GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

421 advisories

NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint (Critical)
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
Credited: nvn1729

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability (Critical)
CVE-2024-32964 was published for @lobehub/chat (npm) May 10, 2024
Credited: yyzsec

JSONata expression can pollute the "Object" prototype (Critical)
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
Credited: AlbertSPedersen

Arbitrary remote code execution within `wrangler dev` Workers sandbox (Critical)
CVE-2023-7080 was published for wrangler (npm) Jan 3, 2024
Credited: Lekensteyn

openssl npm package vulnerable to command execution (Critical)
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023

Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (Critical)
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
Credited: SteakEnthusiast, ashdude1401, nicolo-ribaudo, Apetree100122, ebickle

Command Injection Vulnerability in find-exec (Critical)
CVE-2023-40582 was published for find-exec (npm) Aug 30, 2023
Credited: miguelafmonteiro

external-svg-loader Cross-site Scripting vulnerability (Critical)
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
Credited: r00tdaemon

git-commit-info vulnerable to Command Injection (Critical)
CVE-2023-26134 was published for git-commit-info (npm) Jun 28, 2023

Malware in pre-build binaries of bignum (Critical)
GHSA-7cgc-fjv4-52x6 was published for bignum (npm) May 24, 2023
Credited: calebbrown, rvagg

jsreport vulnerable to code injection (Critical)
CVE-2023-2583 was published for jsreport (npm) May 8, 2023

Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin (Critical)
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
Credited: derrickmehaffy, Ccamm, Convly

Insufficient validation when decoding a Socket.IO packet (Critical)
CVE-2022-2421 was published for socket.io-parser (npm) Oct 26, 2022
Credited: darrachequesne, kurt-r2c

Mongoose Vulnerable to Prototype Pollution in Schema Object (Critical)
CVE-2022-24304 was published for mongoose (npm) Aug 27, 2022

conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 (Critical)
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022

ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` (Critical)
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022

convert-svg-core vulnerable to remote code injection (Critical)
CVE-2022-25759 was published for convert-svg-core (npm) Jul 23, 2022

deep-defaults vulnerable to prototype pollution (Critical)
CVE-2021-25944 was published for deep-defaults (npm) May 24, 2022

Changeset vulnerable to prototype pollution (Critical)
CVE-2021-25915 was published for changeset (npm) May 24, 2022

dset vulnerable to prototype pollution (Critical)
CVE-2020-28277 was published for dset (npm) May 24, 2022

shvl vulnerable to prototype pollution (Critical)
CVE-2020-28278 was published for shvl (npm) May 24, 2022

keyget vulnerable to prototype pollution (Critical)
CVE-2020-28272 was published for keyget (npm) May 24, 2022

Total.js CMS RCE Vulnerability (Critical)
CVE-2019-15954 was published for total4 (npm) May 24, 2022