GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Uncontrolled Resource Consumption in firebase Moderate
CVE-2020-7765 was published for @firebase/util (npm) May 18, 2021
Regular Expression Denial of Service in browserslist Moderate
CVE-2021-23364 was published for browserslist (npm) May 24, 2021
eivindfjeldstad-dot contains prototype pollution vulnerability Moderate
CVE-2020-7639 was published for @eivifj/dot (npm) May 25, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
GHSA-5vm8-hhgr-jcjp was published for tinymce (npm) May 28, 2021
ReDoS in Sec-Websocket-Protocol header Moderate
CVE-2021-32640 was published for ws (npm) May 28, 2021
robmcl4
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Path traversal Moderate
CVE-2021-32662 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32661 was published for @backstage/plugin-techdocs (npm) Jun 4, 2021
Script injection Moderate
CVE-2021-32660 was published for @backstage/techdocs-common (npm) Jun 4, 2021
Regular expression denial of service in forms Moderate
CVE-2021-23388 was published for forms (npm) Jun 7, 2021
Open Redirect in trailing-slash Moderate
CVE-2021-23387 was published for trailing-slash (npm) Jun 8, 2021
Passing in a non-string 'html' argument can lead to unsanitized output Moderate
CVE-2021-32696 was published for striptags (npm) Jun 18, 2021
erik-krogh
Automatic room upgrade handling can be used maliciously to bridge a room non-consensually Moderate
CVE-2021-32659 was published for matrix-appservice-bridge (npm) Jun 21, 2021
Missing Handler in @scandipwa/magento-scripts Moderate
CVE-2021-32684 was published for @scandipwa/magento-scripts (npm) Jun 21, 2021
Denial of service in Valine Moderate
CVE-2021-34801 was published for valine (npm) Jun 21, 2021
Prototype Pollution in lutils Moderate
CVE-2021-23396 was published for lutils (npm) Jun 21, 2021
ckeditor4 vulnerable to cross-site scripting Moderate
CVE-2021-33829 was published for ckeditor4 (Composer) Jun 21, 2021
Regular Expression Denial of Service (ReDOS) Moderate
CVE-2021-29060 was published for color-string (npm) Jun 22, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
URIjs Vulnerable to Hostname spoofing via backslashes in URL Moderate
CVE-2021-3647 was published for urijs (npm) Jul 19, 2021
ready-research
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Denial of Service in SheetJS Pro Moderate
CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32013 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Denial of Service in SheetJS Pro Moderate
CVE-2021-32012 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Cross-site scripting in anchorme Moderate
CVE-2021-23411 was published for anchorme (npm) Jul 26, 2021