GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Cross-site Scripting (XSS) in serve-lite Moderate
CVE-2022-25847 was published for serve-lite (npm) Jan 26, 2023
lirantal
Open Redirect in hekto Moderate
CVE-2018-3743 was published for hekto (npm) Jul 18, 2018
Path Traversal in glance Moderate
CVE-2018-3715 was published for glance (npm) Jul 26, 2018
Stored Cross-Site Scripting in simplehttpserver Moderate
CVE-2018-3716 was published for simplehttpserver (npm) Jul 26, 2018
metascraper before v5.2.0 vulnerable to stored cross-site scripting Moderate
CVE-2018-3773 was published for metascraper (npm) Aug 8, 2018
Cross-site Scripting (XSS) - Stored in crud-file-server Moderate
CVE-2018-3726 was published for crud-file-server (npm) Jul 18, 2018
CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process Moderate
CVE-2022-31175 was published for @ckeditor/ckeditor5-html-embed (npm) Aug 6, 2022
@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
RDIL
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit Moderate
CVE-2022-41777 was published for nadesiko3 (npm) Dec 5, 2022
Toast UI Grid vulnerable to Cross-site Scripting Moderate
CVE-2022-23458 was published for tui-grid (npm) Sep 23, 2022
Fastify: Incorrect Content-Type parsing can lead to CSRF attack Moderate
CVE-2022-41919 was published for fastify (npm) Nov 21, 2022
Ry0taK
Authentication Bypass for passport-wsfed-saml2 Moderate
CVE-2022-23505 was published for passport-wsfed-saml2 (npm) Dec 13, 2022
Prototype Pollution in dset Moderate
CVE-2022-25645 was published for dset (Maven) May 3, 2022
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input Moderate
CVE-2022-25349 was published for materialize-css (npm) May 3, 2022
Cross-site Scripting in video.js Moderate
CVE-2021-23414 was published for video.js (npm) Aug 10, 2021
Cross-site Scripting in NodeBB Moderate
CVE-2015-9286 was published for nodebb (npm) May 1, 2019
Cross-site Scripting in jquery.json-viewer Moderate
CVE-2022-30241 was published for jquery.json-viewer (npm) May 5, 2022
Cross site scripting in code-server Moderate
CVE-2021-42648 was published for code-server (npm) May 12, 2022
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Out-of-bounds Read in stringstream Moderate
CVE-2018-21270 was published for stringstream (npm) Jun 20, 2019
Cross-site Scripting in pandao editor.md Moderate
CVE-2019-14517 was published for editor.md (npm) Aug 23, 2019
Invalid Curve Attack in openpgp Moderate
CVE-2019-9155 was published for openpgp (npm) Aug 23, 2019
Cross-site Scripting in node-red-dashboard Moderate
CVE-2019-10756 was published for node-red-dashboard (npm) Oct 25, 2019
Cross-site Scripting in pandao Moderate
CVE-2019-14653 was published for editor.md (npm) Aug 23, 2019
XSS in knockout Moderate
CVE-2019-14862 was published for knockout (npm) Apr 1, 2020