GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Regular expression Denial of Service in @progfay/scrapbox-parser Moderate
CVE-2021-27405 was published for @progfay/scrapbox-parser (npm) Mar 1, 2021
Remote code execution via the `pretty` option. Moderate
CVE-2021-21353 was published for pug (npm) Mar 3, 2021
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Elliptic Uses a Broken or Risky Cryptographic Algorithm Moderate
CVE-2020-28498 was published for elliptic (npm) Mar 8, 2021
react-dev-utils OS Command Injection in function `getProcessForPort` Moderate
CVE-2021-24033 was published for react-dev-utils (npm) Mar 11, 2021
ansi_up cross-site scripting vulnerability Moderate
CVE-2021-3377 was published for ansi_up (npm) Mar 11, 2021
Verification flaw in Solid identity-token-verifier Moderate
GHSA-xmh9-rg6f-j3mr was published for @solid/identity-token-verifier (npm) Mar 12, 2021
Misinterpretation of malicious XML input Moderate
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
Prototype poisoning Moderate
CVE-2021-21368 was published for msgpack5 (npm) Mar 12, 2021
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS) Moderate
CVE-2021-23346 was published for html-parse-stringify (npm) Mar 18, 2021
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
netmask npm package mishandles octal input data Moderate
CVE-2021-29418 was published for netmask (npm) Mar 29, 2021
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values Moderate
CVE-2021-21412 was published for @thi.ng/egf (npm) Apr 6, 2021
Arbitrary Command Injection in portprocesses Moderate
CVE-2021-23348 was published for portprocesses (npm) Apr 6, 2021
Regular expression Denial of Service in multiple packages Moderate
CVE-2021-21391 was published for @ckeditor/ckeditor5-engine (npm) Apr 6, 2021
mongodb-client-encryption vulnerable to Improper Certificate Validation Moderate
CVE-2021-20327 was published for mongodb-client-encryption (npm) Apr 12, 2021
Improper Neutralization of Input in Theia console Moderate
CVE-2021-28161 was published for @theia/console (npm) Apr 13, 2021
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect Moderate
CVE-2020-28501 was published for es6-crawler-detect (npm) Apr 13, 2021
Cross-site Scripting in vis-timeline Moderate
CVE-2020-28487 was published for vis-timeline (npm) Apr 13, 2021
Prototype Pollution in iniparserjs Moderate
CVE-2021-23328 was published for iniparserjs (npm) Apr 13, 2021
Exposure of Resource to Wrong Sphere in valib Moderate
CVE-2019-10805 was published for valib (npm) Apr 13, 2021
Uncontrolled Resource Consumption in rdf-graph-array Moderate
CVE-2019-10798 was published for rdf-graph-array (npm) Apr 13, 2021
OS Command Injection in rpi Moderate
CVE-2019-10796 was published for rpi (npm) Apr 13, 2021
Prototype pollution in multi-ini Moderate
CVE-2020-28460 was published for multi-ini (npm) Apr 13, 2021
Injection in bodymen Moderate
CVE-2019-10792 was published for bodymen (npm) Apr 13, 2021