GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,296 advisories
Improper Privilege Management in shelljs
Moderate. GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022

Incorrect Default Permissions in log4js
Moderate. CVE-2022-21704 was published for log4js (npm) Jan 21, 2022

Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate. CVE-2021-23566 was published for nanoid (npm) Jan 21, 2022

vditor Vulnerable to Cross-site Scripting in SVG events
Moderate. CVE-2021-4103 was published for vditor (npm) Jan 28, 2022

Denial of Service Vulnerability in next.js
Moderate. CVE-2022-21721 was published for next (npm) Jan 28, 2022

Server-Side Request Forgery in @peertube/embed-api
Moderate. CVE-2022-0508 was published for @peertube/embed-api (npm) Feb 9, 2022

Improper Certificate Validation in node-sass
Moderate. CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022

Prototype Pollution in dot-object
Moderate. CVE-2019-10793 was published for dot-object (npm) Feb 9, 2022

Prototype Pollution in undefsafe
Moderate. CVE-2019-10795 was published for undefsafe (npm) Feb 9, 2022

Signatures are mistakenly recognized to be valid in jsrsasign
Moderate. GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate. CVE-2022-0536 was published for follow-redirects (npm) Feb 10, 2022

Cross-site Scripting in markdown-it-highlightjs
Moderate. CVE-2020-7773 was published for markdown-it-highlightjs (npm) Feb 10, 2022

Cross-site scripting in @atlaskit/editor-core
Moderate. CVE-2019-20903 was published for @atlaskit/editor-core (npm) Feb 10, 2022

Deserialization of Untrusted Data in bson
Moderate. CVE-2019-2391 was published for bson (npm) Feb 10, 2022

DOM-based cross-site scripting in Froala Editor
Moderate. CVE-2019-19935 was published for froala-editor (npm) Feb 10, 2022

Cross-site Scripting in aurelia-framework
Moderate. CVE-2019-10062 was published for aurelia-framework (npm) Feb 10, 2022

Improper file handling in matrix-react-sdk
Moderate. CVE-2021-32622 was published for matrix-react-sdk (npm) Feb 10, 2022

Open Redirect in koa-remove-trailing-slashes
Moderate. CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022

ProTip! Advisories are also available from the GraphQL API