Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,598 advisories

Loading
node-qpdf vulnerable to command injection High
CVE-2023-26155 was published for node-qpdf (npm) Oct 14, 2023
Uptime Kuma has Persistentent User Sessions High
CVE-2023-44400 was published for uptime-kuma (npm) Oct 10, 2023
Nansess dj4oC
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Zod denial of service vulnerability during email validation High
GHSA-mvrp-3cvx-c325 was published for express-zod-api (npm) Oct 4, 2023
static-server Path Traversal vulnerability High
CVE-2023-26152 was published for static-server (npm) Oct 3, 2023
Electron affected by libvpx's heap buffer overflow in vp8 encoding High
CVE-2023-5217 was published for electron (npm) Sep 28, 2023
janparisek Tech-TTGames
@napi-rs/image affected by libwebp CVE High
GHSA-4vjr-crvh-383h was published for @napi-rs/image (npm) Sep 27, 2023
delroth
Chaijs/get-func-name vulnerable to ReDoS High
CVE-2023-43646 was published for get-func-name (npm) Sep 27, 2023
GAP-dev keithamus
FUXA vulnerable to Local File Inclusion High
CVE-2023-31716 was published for @frangoteam/fuxa (npm) Sep 22, 2023
FUXA local file inclusion vulnerability High
CVE-2023-31718 was published for fuxa-server (npm) Sep 22, 2023
FUXA SQL Injection vulnerability High
CVE-2023-31717 was published for fuxa-server (npm) Sep 22, 2023
Directus affected by VM2 sandbox escape vulnerability High
GHSA-22rr-f3p8-5gf8 was published for directus (npm) Sep 15, 2023
ganlhi Swatto
leesh3288
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Hexo `include_code` has a path traversal High
CVE-2023-39584 was published for hexo (npm) Sep 8, 2023
uiolee
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled High
CVE-2023-23623 was published for electron (npm) Sep 6, 2023
andreasdj
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer High
CVE-2023-41058 was published for parse-server (npm) Sep 4, 2023
Moumouls mtrezza
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS) High
CVE-2023-39663 was published for mathjax (npm) Aug 29, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
Unsanitized user controlled input in module generation High
GHSA-f8pq-3926-8gx5 was published for @opentelemetry/instrumentation (npm) Aug 9, 2023
Qard
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
pnpm incorrectly parses tar archives relative to specification High
CVE-2023-37478 was published for @pnpm/cafs (npm) Aug 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database