
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
Vuetify Cross-site Scripting vulnerability Moderate
CVE-2022-25873 was published for org.webjars.npm:vuetify (Maven) Sep 19, 2022
Budibase Improper Access Control vulnerability Moderate
CVE-2022-3225 was published for @budibase/bbui (npm) Sep 17, 2022
JOSE vulnerable to resource exhaustion via specifically crafted JWE Moderate
CVE-2022-36083 was published for jose (npm) Sep 16, 2022
Credited: TomTervoort, panva, Churro
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing Moderate
CVE-2022-3224 was published for parse-url (npm) Sep 16, 2022
matrix-appservice-irc vulnerable to IRC mode parameter confusion Moderate
CVE-2022-39202 was published for matrix-appservice-irc (npm) Sep 15, 2022
Markdown-Nice v1.8.22 vulnerable to Cross-site Scripting Moderate
CVE-2022-38639 was published for markdown-nice (npm) Sep 10, 2022
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting Moderate
CVE-2022-25646 was published for x-data-spreadsheet (npm) Aug 31, 2022
Captcha Bypass in strapi-plugin-ezforms Moderate
GHSA-8mgq-6r2q-82w9 was published for strapi-plugin-ezforms (npm) Aug 30, 2022
Unexpected server crash in Next.js Moderate
CVE-2022-36046 was published for next (npm) Aug 30, 2022
Cleartext Transmission of Sensitive Information in moment-timezone Moderate
GHSA-v78c-4p63-2j6c was published for moment-timezone (npm) Aug 30, 2022
Credited: scovetta
Directus vulnerable to unhandled exception on illegal filename_disk value Moderate
CVE-2022-36031 was published for directus (npm) Aug 30, 2022
Credited: wgorecki
uri-template-lite Regular Expression Denial of Service Moderate
CVE-2021-43309 was published for uri-template-lite (npm) Aug 25, 2022
Credited: marfoldi
Cross site scripting in mobiledoc-kit Moderate
CVE-2022-2932 was published for mobiledoc-kit (npm) Aug 23, 2022
Nodejs 'undici' vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
Credited: happyhacking-k
@actions/core has Delimiter Injection Vulnerability in exportVariable Moderate
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
Credited: jupenur
`undici.request` vulnerable to SSRF using absolute URL on `pathname` Moderate
CVE-2022-35949 was published for undici (npm) Aug 18, 2022
Credited: Haxatron
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
Credited: adenkiewicz
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls Moderate
CVE-2022-35916 was published for @openzeppelin/contracts (npm) Aug 14, 2022
OpenZeppelin Contracts ERC165Checker unbounded gas consumption Moderate
CVE-2022-35915 was published for @openzeppelin/contracts (npm) Aug 14, 2022
CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process Moderate
CVE-2022-31175 was published for @ckeditor/ckeditor5-html-embed (npm) Aug 6, 2022
Solana Pay Vulnerable to Weakness in Transfer Validation Logic Moderate
CVE-2022-35917 was published for @solana/pay (npm) Aug 6, 2022
Credited: cmowenby
Raneto vulnerable to Cross-site Scripting Moderate
CVE-2022-35144 was published for raneto (npm) Aug 5, 2022
node-fetch Inefficient Regular Expression Complexity Moderate
CVE-2022-2596 was published for node-fetch (npm) Aug 2, 2022
Credited: vovikhangcdv
grapesjs before 0.19.5 vulnerable to Cross-site Scripting Moderate
CVE-2022-21802 was published for grapesjs (npm) Jul 26, 2022