Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapman hydrosquall
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
azasypkin jkakavas
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Ry0taK
@braintree/sanitize-url Cross-site Scripting vulnerability Moderate
CVE-2022-48345 was published for @braintree/sanitize-url (npm) Feb 24, 2023
Vditor Cross-site Scripting vulnerability Moderate
CVE-2021-32855 was published for vditor (npm) Feb 21, 2023
textAngular Cross-site Scripting vulnerability Moderate
CVE-2021-32854 was published for textangular (npm) Feb 21, 2023
Baremetrics date range picker vulnerable to Cross-site Scripting Moderate
CVE-2021-32859 was published for baremetrics-calendar (npm) Feb 21, 2023
iziModal Cross-site Scripting vulnerability Moderate
CVE-2021-32860 was published for izimodal (npm) Feb 21, 2023
@claviska/jquery-minicolors vulnerable to Cross-site Scripting Moderate
CVE-2021-32850 was published for @claviska/jquery-minicolors (npm) Feb 21, 2023
Mind-elixir Cross-site Scripting vulnerability Moderate
CVE-2021-32851 was published for mind-elixir (npm) Feb 21, 2023
Erxes vulnerable to Cross-site Scripting Moderate
CVE-2021-32853 was published for erxes (npm) Feb 21, 2023
generator-hottowel Cross-site Scripting vulnerability Moderate
CVE-2016-15025 was published for generator-hottowel (npm) Feb 20, 2023
Cross-site Scripting in jspreadsheet Moderate
CVE-2022-48115 was published for jspreadsheet-ce (npm) Feb 18, 2023
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler Moderate
CVE-2025-27098 was published for @graphql-mesh/cli (npm) Feb 16, 2023
ardatan dotansimha
Sequelize information disclosure vulnerability Moderate
CVE-2023-22580 was published for @sequelize/core (npm) Feb 16, 2023
Cross site scripting Vulnerability in backstage Software Catalog Moderate
CVE-2023-25571 was published for @backstage/catalog-model (npm) Feb 14, 2023
Cross-Site-Scripting attack on `<RichTextField>` Moderate
CVE-2023-25572 was published for ra-ui-materialui (npm) Feb 14, 2023
daugsbi
Cross-site scripting in CKEditor5 Moderate
CVE-2022-48110 was published for ckeditor5 (npm) Feb 13, 2023 withdrawn
Path traversal vulnerability in glance Moderate
CVE-2022-25937 was published for glance (npm) Feb 13, 2023
lirantal
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability Moderate
CVE-2023-25166 was published for @sideway/formula (npm) Feb 8, 2023
sno2
Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name Moderate
CVE-2023-23636 was published for jellyfin-web (npm) Feb 3, 2023
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name Moderate
CVE-2023-23635 was published for jellyfin-web (npm) Feb 3, 2023
Joplin Desktop App vulnerable to Cross-site Scripting Moderate
CVE-2022-45598 was published for joplin (npm) Jan 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database