GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,296 advisories
npm CLI exposing sensitive information through logs. Severity: Moderate. CVE-2020-15095 was published for npm (npm) on Jul 7, 2020.
NodeBB vulnerable to Cross-Site Request Forgery. Severity: Moderate. CVE-2022-3978 was published for nodebb (npm) on Nov 13, 2022.
prismjs Regular Expression Denial of Service vulnerability. Severity: Moderate. CVE-2021-3801 was published for prismjs (npm) on Sep 20, 2021.
a12nserver vulnerable to potential SQL Injections via Knex dependency. Severity: Moderate. GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) on Jan 13, 2023.
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute. Severity: Moderate. CVE-2022-21169 was published for express-xss-sanitizer (npm) on Sep 27, 2022.
Upstash Adapter missing token verification. Severity: Moderate. CVE-2022-39263 was published for @next-auth/upstash-redis-adapter (npm) on Sep 30, 2022.
Improper Input Validation in Google Closure Library. Severity: Moderate. CVE-2020-8910 was published for google-closure-library (npm) on May 7, 2021.
deep-parse-json vulnerable to Prototype Pollution. Severity: Moderate. CVE-2022-42743 was published for deep-parse-json (npm) on Nov 4, 2022.
Unexpected server crash in Next.js. Severity: Moderate. CVE-2022-36046 was published for next (npm) on Aug 30, 2022.
fastest-json-copy vulnerable to Prototype Pollution. Severity: Moderate. CVE-2022-41714 was published for fastest-json-copy (npm) on Nov 4, 2022.
DOM-based cross-site scripting in Froala Editor. Severity: Moderate. CVE-2019-19935 was published for froala-editor (npm) on Feb 10, 2022.
angular vulnerable to regular expression denial of service (ReDoS). Severity: Moderate. CVE-2022-25844 was published for angular (npm) on May 3, 2022.
markdown-it-decorate vulnerable to cross-site scripting (XSS). Severity: Moderate. CVE-2020-28459 was published for markdown-it-decorate (npm) on Jul 19, 2022.
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users. Severity: Moderate. CVE-2022-25929 was published for smoothie (npm) on Dec 21, 2022.
Improper beacon events in matrix-js-sdk can result in availability issues. Severity: Moderate. CVE-2022-39236 was published for matrix-js-sdk (npm) on Sep 29, 2022.
CKEditor 5 Markdown plugin Regular expression Denial of Service. Severity: Moderate. CVE-2021-21254 was published for @ckeditor/ckeditor5-markdown-gfm (npm) on Jan 29, 2021.
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API. Severity: Moderate. CVE-2021-39184 was published for electron (npm) on Oct 12, 2021.
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details. Severity: Moderate. CVE-2022-39350 was published for @dependencytrack/frontend (npm) on Oct 25, 2022.
jsx-slack insufficient patch for CVE-2021-43838 ReDoS. Severity: Moderate. CVE-2021-43843 was published for jsx-slack (npm) on Jan 6, 2022.
Vuetify Cross-site Scripting vulnerability. Severity: Moderate. CVE-2022-25873 was published for org.webjars.npm:vuetify (Maven) on Sep 19, 2022.
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload. Severity: Moderate. CVE-2022-25854 was published for @yaireo/tagify (npm) on Apr 30, 2022.
Exfiltration of hashed SMB credentials on Windows via file:// redirect. Severity: Moderate. CVE-2022-36077 was published for electron (npm) on Nov 10, 2022.
@actions/core has Delimiter Injection Vulnerability in exportVariable. Severity: Moderate. CVE-2022-35954 was published for @actions/core (npm) on Aug 18, 2022.