GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Path Traversal in jsreport-chrome-pdf Moderate
CVE-2020-7762 was published for jsreport-chrome-pdf (npm) Apr 13, 2021
Cross-site scripting in SocksJS-node Moderate
CVE-2020-8823 was published for sockjs (npm) Apr 13, 2021
Improper Input Validation in SocksJS-Node Moderate
CVE-2020-7693 was published for sockjs (npm) Apr 13, 2021
Improper Control of Dynamically-Managed Code Resources in config-shield Moderate
CVE-2021-26276 was published for config-shield (npm) Apr 13, 2021
Arbitrary code execution in kill-by-port Moderate
CVE-2021-23363 was published for kill-by-port (npm) Apr 13, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs Moderate
CVE-2021-29438 was published for @nextcloud/dialogs (npm) Apr 16, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose Moderate
CVE-2021-29443 was published for jose (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime Moderate
CVE-2021-29444 was published for jose-browser-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
DOM XSS in Theme Preview Moderate
CVE-2021-29484 was published for ghost (npm) Apr 29, 2021
Cross-site Scripting in React Draft Wysiwyg Moderate
CVE-2021-31712 was published for react-draft-wysiwyg (npm) May 6, 2021
Arbitrary command execution in roar-pidusage Moderate
CVE-2021-23380 was published for roar-pidusage (npm) May 6, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26539 was published for sanitize-html (npm) May 6, 2021
Improper Input Validation in sanitize-html Moderate
CVE-2021-26540 was published for sanitize-html (npm) May 6, 2021
Regular Expression Denial of Service in hosted-git-info Moderate
CVE-2021-23362 was published for hosted-git-info (npm) May 6, 2021
Path traversal in url-parse Moderate
CVE-2021-27515 was published for url-parse (npm) May 6, 2021
Duplicate Advisory: Cross-site scripting in TinyMCE Moderate
GHSA-p7j5-4mwm-hv86 was published for tinymce (npm) May 6, 2021 withdrawn
Uncontrolled Resource Consumption in fastify-multipart Moderate
CVE-2020-8136 was published for fastify-multipart (npm) May 6, 2021
Server-side request forgery in Ghost CMS Moderate
CVE-2020-8134 was published for ghost (npm) May 6, 2021
Improper Input Validation in Google Closure Library Moderate
CVE-2020-8910 was published for google-closure-library (npm) May 7, 2021
Cross-site Scripting in PrimeFaces Moderate
CVE-2020-10544 was published for org.primefaces:primefaces (Maven) May 7, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen Moderate
CVE-2020-7600 was published for querymen (npm) May 7, 2021
Cross-site Scripting in Joplin Moderate
CVE-2020-15930 was published for joplin (npm) May 7, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
ProTip! Advisories are also available from the GraphQL API