GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

Cross-site Scripting in karma Moderate
CVE-2022-0437 was published for karma (npm) Feb 6, 2022
Prototype Pollution in keyget Moderate
CVE-2021-23760 was published for keyget (npm) Feb 1, 2022
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type Moderate
CVE-2022-35948 was published for undici (npm) Aug 18, 2022
happyhacking-k
`undici.request` vulnerable to SSRF using absolute URL on `pathname` Moderate
CVE-2022-35949 was published for undici (npm) Aug 18, 2022
Haxatron
Cross-site Scripting in Scratch-Svg-Renderer Moderate
CVE-2020-27428 was published for scratch-svg-renderer (npm) Jan 8, 2022
ReDoS in Sec-Websocket-Protocol header Moderate
CVE-2021-32640 was published for ws (npm) May 28, 2021
robmcl4
Regular Expression Denial of Service in moment Moderate
CVE-2016-4055 was published for moment (npm) Oct 24, 2017
Cross site scripting in Metro UI Moderate
CVE-2022-41376 was published for metro4 (npm) Oct 11, 2022
mercurius has Uncaught Exception when using subscriptions Moderate
CVE-2023-22477 was published for mercurius (npm) Jan 9, 2023
marcolanaro
Json2html vulnerable to cross-site scripting Moderate
CVE-2018-25053 was published for node-json2html (npm) Dec 28, 2022
Cross-site Scripting in bootstrap-table Moderate
CVE-2022-1726 was published for bootstrap-table (npm) May 17, 2022
Cross-site Scripting in Bootstrap-3-Typeahead Moderate
CVE-2019-10215 was published for bassjobsen/bootstrap-3-typeahead (Composer) May 24, 2022
Markdown-Nice v1.8.22 vulnerable to Cross-site Scripting Moderate
CVE-2022-38639 was published for markdown-nice (npm) Sep 10, 2022
Expo on iOS is insecure due incorrect security attribute application Moderate
CVE-2020-24653 was published for expo (npm) May 24, 2022
jhutchings1
liquidjs may leak properties of a prototype Moderate
CVE-2022-25948 was published for liquidjs (npm) Dec 22, 2022
Misinterpretation of malicious XML input Moderate
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
jupenur karfau
brody4hire
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls Moderate
CVE-2022-35916 was published for @openzeppelin/contracts (npm) Aug 14, 2022
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access Moderate
CVE-2018-25058 was published for twitter-fetcher-js (npm) Dec 29, 2022
Cross-Site Scripting in http-file-server Moderate
CVE-2019-5458 was published for http-file-server (npm) Jul 31, 2019
Prototype Pollution in merge-deep2. Moderate
CVE-2021-23700 was published for merge-deep2 (npm) Dec 16, 2021
Open redirect in @auth0/nextjs-auth0 Moderate
CVE-2021-43812 was published for @auth0/nextjs-auth0 (npm) Dec 16, 2021
Session fixation in express-openid-connect Moderate
CVE-2021-41246 was published for express-openid-connect (npm) Dec 9, 2021
Server-Side Request Forgery in ssrf-agent Moderate
CVE-2021-23718 was published for ssrf-agent (npm) Dec 2, 2021
Cross-site Scripting in pekeupload Moderate
CVE-2021-23673 was published for pekeupload (npm) Dec 2, 2021