Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,298 advisories

Loading
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name Moderate
CVE-2023-23635 was published for jellyfin-web (npm) Feb 3, 2023
Joplin Desktop App vulnerable to Cross-site Scripting Moderate
CVE-2022-45598 was published for joplin (npm) Jan 31, 2023
jSuites subect to Cross-site Scripting Moderate
CVE-2022-25979 was published for jsuites (npm) Jan 31, 2023
JSZip contains Path Traversal via loadAsync Moderate
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Cross-site Scripting in yapi-vendor Moderate
CVE-2021-36686 was published for yapi-vendor (npm) Jan 26, 2023
Cross-site Scripting (XSS) in serve-lite Moderate
CVE-2022-25847 was published for serve-lite (npm) Jan 26, 2023
lirantal
@builder.io/qwik vulnerable to Cross-site Scripting Moderate
CVE-2023-0410 was published for @builder.io/qwik (npm) Jan 20, 2023
cookiejar Regular Expression Denial of Service via Cookie.parse function Moderate
CVE-2022-25901 was published for cookiejar (Maven) Jan 18, 2023
sno2
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
a12nserver vulnerable to potential SQL Injections via Knex dependency Moderate
GHSA-crhg-xgrg-vvcc was published for @curveball/a12n-server (npm) Jan 13, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes Moderate
CVE-2021-46871 was published for phoenix_html (Erlang) Jan 10, 2023
mercurius has Uncaught Exception when using subscriptions Moderate
CVE-2023-22477 was published for mercurius (npm) Jan 9, 2023
marcolanaro
@okta/oidc-middlewareOpen Redirect vulnerability Moderate
CVE-2022-3145 was published for @okta/oidc-middleware (npm) Jan 9, 2023
jviding
Vercel ms Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2017-20162 was published for ms (npm) Jan 5, 2023
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access Moderate
CVE-2018-25058 was published for twitter-fetcher-js (npm) Dec 29, 2022
Json2html vulnerable to cross-site scripting Moderate
CVE-2018-25053 was published for node-json2html (npm) Dec 28, 2022
liquidjs may leak properties of a prototype Moderate
CVE-2022-25948 was published for liquidjs (npm) Dec 22, 2022
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC Moderate
CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users Moderate
CVE-2022-25929 was published for smoothie (npm) Dec 21, 2022
WofWca
Oils JS vulnerable to Open Redirect Moderate
CVE-2021-4260 was published for oils (npm) Dec 19, 2022
easywebpack-cli Path Traversal vulnerability Moderate
CVE-2020-24855 was published for @easy-team/easywebpack-cli (npm) Dec 15, 2022
Authentication Bypass for passport-wsfed-saml2 Moderate
CVE-2022-23505 was published for passport-wsfed-saml2 (npm) Dec 13, 2022
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting Moderate
CVE-2021-4243 was published for @claviska/jquery-minicolors (npm) Dec 12, 2022 withdrawn
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database