GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

1,296 advisories

angular-ui-notification Cross-site Scripting vulnerability
Moderate | CVE-2023-34840 was published for angular-ui-notification (npm) | Jun 30, 2023

Joplin Cross-site Scripting vulnerability
Moderate | CVE-2023-37299 was published for joplin (npm) | Jun 30, 2023

Joplin Cross-site Scripting vulnerability
Moderate | CVE-2023-37298 was published for joplin (npm) | Jun 30, 2023

Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate | CVE-2020-23064 was published for jQuery (RubyGems) | Jun 26, 2023 • withdrawn

word-wrap vulnerable to Regular Expression Denial of Service
Moderate | CVE-2023-26115 was published for word-wrap (npm) | Jun 22, 2023

When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Moderate | CVE-2023-35167 was published for remult (npm) | Jun 20, 2023

AWS CDK EKS overly permissive trust policies
Moderate | CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) | Jun 19, 2023

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate | CVE-2023-34459 was published for @openzeppelin/contracts (npm) | Jun 19, 2023

@keystone-6/auth Open Redirect vulnerability
Moderate | CVE-2023-34247 was published for @keystone-6/auth (npm) | Jun 14, 2023

fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Moderate | CVE-2023-26920 was published for fast-xml-parser (npm) | Jun 13, 2023

crypto-js uses insecure random numbers
Moderate | CVE-2020-36732 was published for crypto-js (npm) | Jun 12, 2023

Gatsby develop server has Local File Inclusion vulnerability
Moderate | CVE-2023-34238 was published for gatsby (npm) | Jun 9, 2023

OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Moderate | CVE-2023-34234 was published for @openzeppelin/contracts (npm) | Jun 8, 2023

Phishing attack vulnerability by uploading malicious HTML file
Moderate | CVE-2023-32689 was published for parse-server (npm) | May 31, 2023

proxy denial of service vulnerability
Moderate | CVE-2023-2968 was published for proxy (npm) | May 30, 2023

antfu/utils vulnerable to prototype pollution
Moderate | CVE-2023-2972 was published for @antfu/utils (npm) | May 30, 2023

html inputs of type password recorded in plaintext when converted to text inputs
Moderate | CVE-2023-33187 was published for highlight.run (npm) | May 26, 2023

Insufficient validation when decoding a Socket.IO packet
Moderate | CVE-2023-32695 was published for socket.io-parser (npm) | May 23, 2023

Potential for cross-site scripting in PostHog-js
Moderate | CVE-2023-32325 was published for posthog-js (npm) | May 22, 2023

Invalid push request payload crashes Parse Server
Moderate | CVE-2023-32688 was published for parse-server-push-adapter (npm) | May 22, 2023

vm2 vulnerable to Inspect Manipulation
Moderate | CVE-2023-32313 was published for vm2 (npm) | May 17, 2023

n8n Directory Traversal vulnerability
Moderate | CVE-2023-27562 was published for n8n (npm) | May 10, 2023

engine.io Uncaught Exception vulnerability
Moderate | CVE-2023-31125 was published for engine.io (npm) | May 3, 2023

ProTip! Advisories are also available from the GraphQL API.