Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Regular expression denial of service in @absolunet/kafe Moderate
CVE-2020-7761 was published for @absolunet/kafe (npm) May 10, 2021
Uncontrolled Resource Consumption in fastify-multipart Moderate
CVE-2020-8136 was published for fastify-multipart (npm) May 6, 2021
Path Traversal in droppy Moderate
CVE-2020-7757 was published for droppy (npm) May 10, 2021
OS Command Injection in mversion Moderate
CVE-2020-7688 was published for mversion (npm) May 17, 2021
Regular Expression Denial of Service in postcss Moderate
CVE-2021-23368 was published for postcss (npm) May 10, 2021
Cross-site scripting in Joplin Moderate
CVE-2020-28249 was published for joplin (npm) May 10, 2021
Cross-site Scripting in lightning-server Moderate
CVE-2020-7747 was published for lightning-server (npm) May 10, 2021
OS Command Injection in ng-packagr Moderate
CVE-2020-7735 was published for ng-packagr (npm) May 7, 2021
Cross-site Scripting in aurelia-framework Moderate
CVE-2019-10062 was published for aurelia-framework (npm) Feb 10, 2022
mroeling bigopon
Uncontrolled Resource Consumption in rdf-graph-array Moderate
CVE-2019-10798 was published for rdf-graph-array (npm) Apr 13, 2021
Exposure of Resource to Wrong Sphere in valib Moderate
CVE-2019-10805 was published for valib (npm) Apr 13, 2021
Command Injection in @theia/messages Moderate
CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs Moderate
CVE-2021-29438 was published for @nextcloud/dialogs (npm) Apr 16, 2021
Uncontrolled Resource Consumption in firebase Moderate
CVE-2020-7765 was published for @firebase/util (npm) May 18, 2021
Server-side request forgery in Ghost CMS Moderate
CVE-2020-8134 was published for ghost (npm) May 6, 2021
Cross-site Scripting in docsify Moderate
CVE-2020-7680 was published for docsify (npm) May 18, 2021
Open Redirect in xdLocalStorage Moderate
CVE-2020-11611 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
OS Command Injection in fsa Moderate
CVE-2020-7615 was published for fsa (npm) Dec 9, 2021
Cross-site scripting in react-bootstrap-table Moderate
CVE-2021-23398 was published for react-bootstrap-table (npm) Dec 10, 2021
Open Redirect in trailing-slash Moderate
CVE-2021-23387 was published for trailing-slash (npm) Jun 8, 2021
Header injection in nodemailer Moderate
CVE-2021-23400 was published for nodemailer (npm) Dec 10, 2021
Directory Traversal in isomorphic-git Moderate
CVE-2021-30483 was published for isomorphic-git (npm) Sep 2, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality Moderate
CVE-2021-32809 was published for ckeditor4 (npm) Aug 23, 2021
Regular expression denial of service in forms Moderate
CVE-2021-23388 was published for forms (npm) Jun 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database