Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,598 advisories

Loading
file-type vulnerable to Infinite Loop via malformed MKV file High
CVE-2022-36313 was published for file-type (npm) Jul 22, 2022
kiskoza ItalyPaleAle
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false High
CVE-2022-31170 was published for @openzeppelin/contracts (npm) Jul 21, 2022
Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header High
CVE-2022-36127 was published for skywalking-backend-js (npm) Jul 19, 2022
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service High
CVE-2021-35065 was published for glob-parent (npm) Jul 18, 2022
cowsrule wejendorp
wwuck paulmillr BGehrels
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
Terser insecure use of regular expressions leads to ReDoS High
CVE-2022-25858 was published for terser (npm) Jul 16, 2022
Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD High
CVE-2022-31179 was published for shescape (npm) Jul 15, 2022
tdunlap607
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
vm2 before 3.6.11 vulnerable to sandbox escape High
CVE-2019-10761 was published for vm2 (npm) Jul 14, 2022
Protected fields exposed via LiveQuery High
CVE-2022-31112 was published for parse-server (npm) Jul 6, 2022
Improper handling of email input High
CVE-2022-31127 was published for next-auth (npm) Jul 6, 2022
Sandiipmaity
Moment.js vulnerable to Inefficient Regular Expression Complexity High
CVE-2022-31129 was published for Moment.js (npm) Jul 6, 2022
vovikhangcdv
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method High
CVE-2022-31147 was published for jquery-validation (npm) Jul 5, 2022
erik-krogh bytestream
mthreer
Command injection in git-clone High
CVE-2022-25900 was published for git-clone (npm) Jul 2, 2022
lirantal
Regular expression denial of service in scss-tokenizer High
CVE-2022-25758 was published for scss-tokenizer (npm) Jul 2, 2022
jhutchings1 G-Rath
tomas-cerney
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
Hostname confusion in parse-url High
CVE-2022-0722 was published for parse-url (npm) Jun 28, 2022
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
Prototype Pollution in deep-get-set High
CVE-2022-21231 was published for deep-get-set (npm) Jun 25, 2022
Improper handling of CSS at-rules in lettersanitizer High
CVE-2022-31103 was published for lettersanitizer (npm) Jun 23, 2022
Improper Handling of `callbackUrl` parameter in next-auth High
CVE-2022-31093 was published for next-auth (npm) Jun 21, 2022
stensrud
Invalid file request can crash server High
CVE-2022-31089 was published for parse-server (npm) Jun 20, 2022
mtrezza
Uncontrolled Resource Consumption in @discordjs/opus High
CVE-2022-25345 was published for @discordjs/opus (npm) Jun 18, 2022
DEVTomatoCake vladfrangu
pg-native and libpq vulnerable to uncontrolled resource consumption High
CVE-2022-25852 was published for libpq (npm) Jun 18, 2022
joshbressers
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database