GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

XSS in `*Text` options of the Datepicker widget in jquery-ui Moderate
CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
Cross site scripting in froala-editor Moderate
CVE-2020-22864 was published for froala-editor (npm) Oct 28, 2021
janklimo
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Inefficient Regular Expression Complexity in validator.js Moderate
CVE-2021-3765 was published for validator (npm) Nov 3, 2021
Prototype Pollution in json-pointer Moderate
CVE-2021-23820 was published for json-pointer (npm) Nov 8, 2021
G-Rath
Prototype Pollution in json-ptr Moderate
CVE-2021-23509 was published for json-ptr (npm) Nov 8, 2021
Prototype Pollution in node-jsonpointer Moderate
CVE-2021-23807 was published for jsonpointer (npm) Nov 8, 2021
Cross-site Scripting in tempura Moderate
CVE-2021-23784 was published for tempura (npm) Nov 8, 2021
Prototype Pollution in dotty Moderate
CVE-2021-23624 was published for dotty (npm) Nov 8, 2021
Stored XSS in Jupyter nbdime Moderate
CVE-2021-41134 was published for nbdime (npm) Nov 8, 2021
XSS vulnerability allowing arbitrary JavaScript execution Moderate
CVE-2021-41174 was published for @grafana/data (npm) Nov 8, 2021
Cross-site Scripting in apostrophe Moderate
CVE-2021-25978 was published for apostrophe (npm) Nov 10, 2021
Unauthorized access to data in @sap-cloud-sdk/core Moderate
CVE-2021-41251 was published for @sap-cloud-sdk/core (npm) Nov 10, 2021
johenning
Improper Verification of Communication Channel in @theia/plugin-ext Moderate
CVE-2021-41038 was published for @theia/plugin-ext (npm) Nov 15, 2021
Inefficient Regular Expression Complexity in Validator.js Moderate
GHSA-xx4c-jj58-r7x6 was published for validator (npm) Nov 19, 2021
yetingli G-Rath
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
NodeBB vulnerable to path traversal in translator module Moderate
CVE-2021-43788 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Hexo Vulnerable to XSS Moderate
CVE-2021-25987 was published for hexo (npm) Dec 1, 2021
renbaoshuo
OS Command injection in docker-cli-js Moderate
CVE-2021-23732 was published for docker-cli-js (npm) Dec 2, 2021 withdrawn
Server-Side Request Forgery in ssrf-agent Moderate
CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021
Cross-site Scripting in pekeupload Moderate
CVE-2021-23673 was published for pekeupload (npm) Dec 2, 2021
Server side request forgery in SwaggerUI Moderate
GHSA-qrmm-w75w-3wpx was published for Swashbuckle.AspNetCore.SwaggerUI (npm) Dec 9, 2021
dinvlad pshelton-skype Dingjie-Daniel-Yang
Session fixation in express-openid-connect Moderate
CVE-2021-41246 was published for express-openid-connect (npm) Dec 9, 2021
Open Redirect in xdLocalStorage Moderate
CVE-2020-11611 was published for xdLocalStorage (npm) Dec 9, 2021
G-Rath
OS Command Injection in fsa Moderate
CVE-2020-7615 was published for fsa (npm) Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API