GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Improper Neutralization of Input During Web Page Generation in swagger-ui Moderate
CVE-2016-1000229 was published for swagger-ui (npm) May 24, 2022
Improper Neutralization of Input During Web Page Generation in Select2 Moderate
CVE-2016-10744 was published for select2 (npm) May 14, 2022
Improper Input Validation in strapi Moderate
CVE-2020-13961 was published for strapi (npm) May 24, 2022
react-dev-utils OS Command Injection in function `getProcessForPort` Moderate
CVE-2021-24033 was published for react-dev-utils (npm) Mar 11, 2021
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes Moderate
CVE-2019-14863 was published for angular (npm) Feb 14, 2020
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Missing Cryptographic Step in cassproject Moderate
CVE-2022-29229 was published for cassproject (npm) May 25, 2022
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release Moderate
CVE-2022-31051 was published for semantic-release (npm) Jun 9, 2022
dmosen
Cross-site Scripting in Strapi Moderate
CVE-2022-29894 was published for strapi (npm) Jun 14, 2022
Cross-site Scripting in NocoDB Moderate
CVE-2022-2079 was published for nocodb (npm) Jun 15, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31070 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
Out-of-bounds Read in fast-string-search Moderate
CVE-2022-25872 was published for fast-string-search (npm) Jun 18, 2022
Prototype Pollution in querymen Moderate
CVE-2022-25871 was published for querymen (npm) Jun 18, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31069 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
kronoshadow
Cross site scripting in parse-url Moderate
CVE-2022-2217 was published for parse-url (npm) Jun 28, 2022
Got allows a redirect to a UNIX socket Moderate
CVE-2022-33987 was published for got (npm) Jun 19, 2022
sonicdoe
Server-Side Request Forgery in Directus Moderate
CVE-2022-23080 was published for directus (npm) Jun 23, 2022
Server-Side Request Forgery in link-preview-js Moderate
CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022
jhutchings1
Cross site scripting in parse-url Moderate
CVE-2022-2218 was published for parse-url (npm) Jun 28, 2022
Oils JS vulnerable to Open Redirect Moderate
CVE-2021-4260 was published for oils (npm) Dec 19, 2022
snyk-broker Path Traversal before v4.73.0 Moderate
CVE-2020-7649 was published for snyk-broker (npm) Jul 26, 2022
parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped Moderate
CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API