
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
cristianstaicu arjunshibu
AttesterSlashing number overflow High
CVE-2022-29219 was published for @chainsafe/lodestar (npm) May 24, 2022
Command injection in git-parse High
CVE-2021-26543 was published for git-parse (npm) Feb 10, 2022
Incorrect Permission Assignment for Critical Resource in NPM High
CVE-2018-7408 was published for npm (npm) May 13, 2022
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Signed to Unsigned Conversion Error in Facebook Hermes High
CVE-2020-1913 was published for hermes-engine (npm) May 24, 2022
Improper Control of Generation of Code in doT High
CVE-2020-8141 was published for dot (npm) May 24, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30618 was published for @strapi/strapi (npm) May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi High
CVE-2022-30617 was published for @strapi/strapi (npm) May 20, 2022
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Out-of-bounds Read in Facebook Hermes High
CVE-2020-1915 was published for hermes-engine (npm) May 24, 2022
DanielSinclair Nsquik
troZee CHaNGeTe ivan-mattr mmehtonen-24i
Prototype pollution in @strikeentco/set High
CVE-2020-28267 was published for @strikeentco/set (npm) May 24, 2022
jhutchings1
oauth2-server through 3.1.1 vulnerable to Open Redirect High
CVE-2020-26938 was published for oauth2-server (npm) Aug 30, 2022
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes High
CVE-2020-1912 was published for hermes-engine (npm) May 24, 2022
react-dev-utils on Windows vulnerable to Remote Code Execution High
CVE-2018-6342 was published for react-dev-utils (npm) Jan 4, 2019
OpenPGP 1.2.0 and earlier decrypts arbitrary messages High
CVE-2015-8013 was published for openpgp (npm) May 17, 2022
jhutchings1
NodeBB account takeover via SSO plugins High
CVE-2022-36076 was published for nodebb (npm) Sep 16, 2022
OS Command Injection in lifion-verify-deps High
CVE-2021-34078 was published for lifion-verify-deps (npm) Jun 3, 2022
OS Command Injection in gitsome High
CVE-2021-34081 was published for gitsome (npm) Jun 3, 2022
Unsanitized JavaScript code injection possible in gatsby-plugin-mdx High
CVE-2022-25863 was published for gatsby-plugin-mdx (npm) Jun 3, 2022
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
Command injection in google-it High
CVE-2021-34083 was published for google-it (npm) Jun 3, 2022
Infinite loop in jpeg-js High
CVE-2022-25851 was published for jpeg-js (npm) Jun 11, 2022
Unhandled crash in npm posix High
CVE-2022-21211 was published for posix (npm) Jun 11, 2022