GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

directus vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2023-28443 was published for directus (npm) Mar 23, 2023
JohnHillegass
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Ry0taK
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
azasypkin jkakavas
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe Moderate
CVE-2023-26108 was published for @nestjs/core (npm) Mar 6, 2023
OpenZeppelin Contracts contains Incorrect Calculation Moderate
CVE-2023-26488 was published for @openzeppelin/contracts (npm) Mar 3, 2023
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapman hydrosquall
Directus vulnerable to Server-Side Request Forgery On File Import Moderate
CVE-2023-26492 was published for directus (npm) Mar 3, 2023
Ccamm votr123
@braintree/sanitize-url Cross-site Scripting vulnerability Moderate
CVE-2022-48345 was published for @braintree/sanitize-url (npm) Feb 24, 2023
Vega vulnerable to arbitrary code execution when clicking href links Moderate
GHSA-cp47-r258-q626 was published for vega (npm) Mar 2, 2023
generator-hottowel Cross-site Scripting vulnerability Moderate
CVE-2016-15025 was published for generator-hottowel (npm) Feb 20, 2023
Cross-site Scripting in yapi-vendor Moderate
CVE-2021-36686 was published for yapi-vendor (npm) Jan 26, 2023
Cross-site Scripting in jspreadsheet Moderate
CVE-2022-48115 was published for jspreadsheet-ce (npm) Feb 18, 2023
Remote Code Execution in markdown-pdf Moderate
CVE-2018-3770 was published for markdown-pdf (npm) Jul 27, 2018
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
Path Traversal in node-srv Moderate
CVE-2018-3714 was published for node-srv (npm) Jul 26, 2018
Path Traversal in angular-http-server Moderate
CVE-2018-3713 was published for angular-http-server (npm) Jul 26, 2018
CRLF Injection in Nodejs ‘undici’ via host Moderate
CVE-2023-23936 was published for undici (npm) Feb 16, 2023
Path traversal vulnerability in glance Moderate
CVE-2022-25937 was published for glance (npm) Feb 13, 2023
lirantal
Open redirect in url-parse Moderate
CVE-2021-3664 was published for url-parse (npm) Aug 10, 2021
Path traversal in url-parse Moderate
CVE-2021-27515 was published for url-parse (npm) May 6, 2021
Authorization bypass in url-parse Moderate
CVE-2022-0512 was published for url-parse (npm) Feb 15, 2022
Cross-site scripting in CKEditor5 Moderate
CVE-2022-48110 was published for ckeditor5 (npm) Feb 13, 2023 withdrawn
Sequelize information disclosure vulnerability Moderate
CVE-2023-22580 was published for @sequelize/core (npm) Feb 16, 2023