GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

markdown-it vulnerable to Inefficient Regular Expression Complexity High
CVE-2015-10005 was published for markdown-it (npm) Dec 27, 2022
email-existence Inefficient Regular Expression Complexity vulnerability High
CVE-2018-25049 was published for email-existence (npm) Dec 27, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability High
CVE-2021-4279 was published for fast-json-patch (npm) Dec 25, 2022
sharonbz
tree-kit vulnerable to Prototype Pollution High
CVE-2021-4278 was published for tree-kit (npm) Dec 25, 2022
SimbCo httpster vulnerable to Path Traversal High
CVE-2020-36629 was published for httpster (npm) Dec 25, 2022
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
jsonwebtoken has insecure input validation in jwt.verify function High
CVE-2022-23529 was published for jsonwebtoken (npm) Dec 22, 2022 withdrawn
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
lite-dev-server vulnerable to Directory Traversal High
CVE-2022-25895 was published for lite-dev-server (npm) Dec 21, 2022
lirantal
abacus-ext-cmdline vulnerable to Command Injection High
CVE-2022-24431 was published for abacus-ext-cmdline (npm) Dec 21, 2022
easy-static-server vulnerable to Directory Traversal High
CVE-2022-25931 was published for easy-static-server (npm) Dec 20, 2022
lirantal
p4 vulnerable to Command Injection due to improper input sanitization High
CVE-2022-25171 was published for p4 (npm) Dec 20, 2022
lite-server vulnerable to Denial of Service High
CVE-2022-25940 was published for lite-server (Maven) Dec 20, 2022
lirantal
Knex.js has a limited SQL injection vulnerability High
CVE-2016-20018 was published for knex (npm) Dec 19, 2022
alokmenghrajani pmartinat
tdunlap607
@cubejs-backend/api-gateway row level security bypass High
CVE-2022-23510 was published for @cubejs-backend/api-gateway (npm) Dec 12, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23487 was published for libp2p (npm) Dec 7, 2022
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol High
CVE-2022-25912 was published for simple-git (npm) Dec 6, 2022
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference High
CVE-2022-41957 was published for hummus (npm) Dec 5, 2022
static-dev-server vulnerable to path traversal High
CVE-2022-25848 was published for static-dev-server (npm) Nov 29, 2022
lirantal
ghost vulnerable to unauthorized newsletter modification via improper access controls High
CVE-2022-41654 was published for ghost (npm) Nov 28, 2022
decode-uri-component vulnerable to Denial of Service (DoS) High
CVE-2022-38900 was published for decode-uri-component (npm) Nov 28, 2022
G-Rath
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
Redwood is vulnerable to account takeover via dbAuth "forgot-password" High
GHSA-3qmc-2r76-4rqp was published for @redwoodjs/api (npm) Nov 10, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022