
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Misinterpretation of malicious XML input Moderate
CVE-2021-32796 was published for @xmldom/xmldom (npm) Aug 3, 2021
diptendur2c
Arbitrary Command Injection due to Improper Command Sanitization Moderate
GHSA-hxwm-x553-x359 was published for @npmcli/git (npm) Aug 5, 2021
tyage
vercel/serve allows access to restricted files if filename is URL encoded. Moderate
CVE-2018-3718 was published for serve (npm) Aug 9, 2021
Regular Expression Denial of Service in path-parse Moderate
CVE-2021-23343 was published for path-parse (npm) Aug 10, 2021
jszip Vulnerable to Prototype Pollution Moderate
CVE-2021-23413 was published for jszip (npm) Aug 10, 2021
kalinkrustev
Open redirect in url-parse Moderate
CVE-2021-3664 was published for url-parse (npm) Aug 10, 2021
Cross-site Scripting in curly-bracket-parser Moderate
CVE-2021-23416 was published for curly-bracket-parser (npm) Aug 10, 2021
Prototype Pollution in deepmergefn Moderate
CVE-2021-23417 was published for deepmergefn (npm) Aug 10, 2021
Cross-site Scripting in video.js Moderate
CVE-2021-23414 was published for video.js (npm) Aug 10, 2021
Open Redirect in Next.js Moderate
CVE-2021-37699 was published for next (npm) Aug 12, 2021
medikoo
Clipboard-based DOM-XSS Moderate
CVE-2021-37700 was published for @github/paste-markdown (npm) Aug 12, 2021
bananabr
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Unlimited transforms allowed for signed nodes Moderate
CVE-2021-39171 was published for passport-saml (npm) Aug 30, 2021
pp-ps
Prototype Pollution in open-graph Moderate
CVE-2021-23419 was published for open-graph (npm) Sep 1, 2021
Prototype Pollution in object-path Moderate
CVE-2021-23434 was published for object-path (npm) Sep 1, 2021
Cross-site Request Forgery (CSRF) in joplin Moderate
CVE-2021-23431 was published for joplin (npm) Sep 2, 2021
Prototype Pollution in mootools Moderate
CVE-2021-23432 was published for mootools (npm) Sep 2, 2021
Uncontrolled Resource Consumption in transpile Moderate
CVE-2021-23429 was published for transpile (npm) Sep 2, 2021
Uncontrolled Resource Consumption in trim-off-newlines Moderate
CVE-2021-23425 was published for trim-off-newlines (npm) Sep 2, 2021
Directory Traversal in isomorphic-git Moderate
CVE-2021-30483 was published for isomorphic-git (npm) Sep 2, 2021
Type confusion in mpath Moderate
CVE-2021-23438 was published for mpath (npm) Sep 2, 2021
Cross-site Scripting in file-upload-with-preview Moderate
CVE-2021-23439 was published for file-upload-with-preview (npm) Sep 7, 2021
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver Moderate
CVE-2021-40823 was published for matrix-js-sdk (npm) Sep 14, 2021
dkasak