Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,296 advisories

Loading
Remote command injection when using sendmail email transport Moderate
GHSA-wfrj-qqc2-83cm was published for ghost (npm) Sep 20, 2021
tdunlap607
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
Cross-site Scripting in peertube Moderate
CVE-2021-3780 was published for peertube (npm) Sep 20, 2021
prismjs Regular Expression Denial of Service vulnerability Moderate
CVE-2021-3801 was published for prismjs (npm) Sep 20, 2021
Denial of Service in node-static Moderate
GHSA-8r4g-cg4m-x23c was published for node-static (npm) Sep 22, 2021
Path Traversal in serve-here.js Moderate
CVE-2019-5444 was published for serve-here.js (npm) Sep 22, 2021
Regular Expression Denial of Service in millisecond Moderate
GHSA-m489-xr35-fjxr was published for millisecond (npm) Sep 22, 2021
Prototype Pollution in jointjs Moderate
CVE-2021-23444 was published for jointjs (npm) Sep 22, 2021
Cross-site Scripting in edge.js Moderate
CVE-2021-23443 was published for edge.js (npm) Sep 22, 2021
Member account takeover Moderate
GHSA-65p7-pjj8-ggmr was published for ghost (npm) Sep 23, 2021
allouis
Cross site scripting in datatables.net Moderate
CVE-2021-23445 was published for datatables.net (npm) Sep 29, 2021
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static Moderate
CVE-2021-22963 was published for fastify-static (npm) Oct 5, 2021
Cross-site Scripting in Froala Editor Moderate
CVE-2021-30109 was published for froala-editor (npm) Oct 6, 2021
Denial of Service (DoS) in mongo-express Moderate
CVE-2021-23372 was published for mongo-express (npm) Oct 6, 2021
Cross-site Scripting in teddy Moderate
CVE-2021-23447 was published for teddy (npm) Oct 12, 2021
Cross-site Scripting in jsoneditor Moderate
CVE-2020-23849 was published for jsoneditor (npm) Oct 12, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate
CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021
Cross site scripting in kindeditor Moderate
CVE-2021-42227 was published for kindeditor (npm) Oct 18, 2021
Path Traversal in @backstage/plugin-scaffolder-backend Moderate
CVE-2021-41151 was published for @backstage/plugin-scaffolder-backend (npm) Oct 19, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
XSS in the `altField` option of the Datepicker widget in jquery-ui Moderate
CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database