GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped Moderate
CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022
snyk-broker Path Traversal before v4.73.0 Moderate
CVE-2020-7649 was published for snyk-broker (npm) Jul 26, 2022
undici before v5.8.0 vulnerable to CRLF injection in request headers Moderate
CVE-2022-31150 was published for undici (npm) Jul 21, 2022
markdown-it-decorate vulnerable to cross-site scripting (XSS) Moderate
CVE-2020-28459 was published for markdown-it-decorate (npm) Jul 19, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Angular (deprecated package) Cross-site Scripting Moderate
CVE-2022-25869 was published for angular (npm) Jul 16, 2022
Strapi 4.1.12 Cross-site Scripting via crafted file Moderate
CVE-2022-32114 was published for @strapi/strapi (npm) Jul 14, 2022
Svelte vulnerable to XSS when using objects during server-side rendering Moderate
CVE-2022-25875 was published for svelte (npm) Jul 13, 2022
Possible injection of arbitrary `CSS` into the generated graph affecting the container HTML Moderate
CVE-2022-31108 was published for mermaid (npm) Jul 5, 2022
Server-Side Request Forgery in link-preview-js Moderate
CVE-2022-25876 was published for link-preview-js (npm) Jul 2, 2022
Passport vulnerable to session regeneration when a user logs in or out Moderate
CVE-2022-25896 was published for passport (npm) Jul 2, 2022
Cross site scripting in parse-url Moderate
CVE-2022-2217 was published for parse-url (npm) Jun 28, 2022
Cross site scripting in parse-url Moderate
CVE-2022-2218 was published for parse-url (npm) Jun 28, 2022
Denial of Service (DoS) vulnerability in RSSHub Moderate
CVE-2022-31110 was published for rsshub (npm) Jun 23, 2022
Server-Side Request Forgery in Directus Moderate
CVE-2022-23080 was published for directus (npm) Jun 23, 2022
Got allows a redirect to a UNIX socket Moderate
CVE-2022-33987 was published for got (npm) Jun 19, 2022
Out-of-bounds Read in fast-string-search Moderate
CVE-2022-25872 was published for fast-string-search (npm) Jun 18, 2022
Prototype Pollution in querymen Moderate
CVE-2022-25871 was published for querymen (npm) Jun 18, 2022
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31070 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy Moderate
CVE-2022-31069 was published for @finastra/nestjs-proxy (npm) Jun 17, 2022
Ghost vulnerable to remote code execution in locale setting change Moderate
GHSA-7v28-g2pq-ggg8 was published for ghost (npm) Jun 17, 2022
Path traversal for local publishers in TechDocs backend Moderate
GHSA-4jqc-jvh2-pxg9 was published for @backstage/plugin-techdocs-node (npm) Jun 17, 2022
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags Moderate
CVE-2021-33295 was published for joplin (npm) Jun 17, 2022
AutoUpdater module fails to validate certain nested components of the bundle Moderate
CVE-2022-29257 was published for electron (npm) Jun 16, 2022