GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
213 advisories
Path traversal in Node-Red. Severity: Low. CVE-2021-21298 was published for @node-red/runtime (npm) on Feb 26, 2021.
User content sandbox can be confused into opening arbitrary documents. Severity: Low. CVE-2021-21320 was published for matrix-react-sdk (npm) on Mar 3, 2021.
Command injection in @diez/generation. Severity: Low. CVE-2021-32830 was published for @diez/generation (npm) on Sep 2, 2021.
Withdrawn: Arbitrary code execution in lodash. Severity: Low. Unreviewed. CVE-2021-41720 was published for lodash (npm) on Dec 3, 2021.
Cross-site Scripting in dijit editor's LinkDialog plugin. Severity: Low. CVE-2020-4051 was published for dijit (npm) on Jun 15, 2020.
Imperative CLI vulnerable to Command Injection. Severity: Low. CVE-2021-4326 was published for @zowe/imperative (npm) on Mar 1, 2023.
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr. Severity: Low. CVE-2017-18869 was published for chownr (npm) on Feb 10, 2022.
Regular Expression Denial of Service in clean-css. Severity: Low. GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) on Jun 5, 2019.
Regular Expression Denial of Service in marked. Severity: Low. GHSA-ch52-vgq2-943f was published for marked (npm) on Sep 3, 2020.
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces. Severity: Low. GHSA-68jh-rf6x-836f was published for @apollo/server (npm) on Jun 16, 2023.
@keystone-6/core's bundled cuid package known to be insecure. Severity: Low. GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) on Jun 12, 2023.
Vendure Cross Site Request Forgery vulnerability impacting all API requests. Severity: Low. GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) on Jul 11, 2023.
Regular expression denial of service in semver-regex. Severity: Low. CVE-2021-43307 was published for semver-regex (npm) on Jun 3, 2022.
Regular Expression Denial of Service (ReDoS) in jsx-slack. Severity: Low. CVE-2021-43838 was published for jsx-slack (npm) on Dec 17, 2021.
Renderers can obtain access to random bluetooth device without permission in Electron. Severity: Low. CVE-2022-21718 was published for electron (npm) on Mar 22, 2022.
Minimal `basti` IAM Policy Allows Shell Access. Severity: Low. GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) on Aug 24, 2023.
Prevent logging invalid header values. Severity: Low. GHSA-j5g3-5c8r-7qfx was published for @apollo/server (npm) on Aug 30, 2023.
Regular Expression Denial of Service in jadedown. Severity: Low. CVE-2016-10520 was published for jadedown (npm) on Feb 18, 2019.
Cross-Site Scripting in serialize-to-js. Severity: Low. CVE-2019-16772 was published for serialize-to-js (npm) on Dec 6, 2019.
Shescape potential environment variable exposure on Windows with CMD. Severity: Low. CVE-2023-35931 was published for shescape (npm) on Jun 22, 2023.
eslint-detailed-reporter vulnerable to cross-site scripting. Severity: Low. CVE-2022-4942 was published for eslint-detailed-reporter (npm) on Apr 20, 2023.
Possible prototype pollution in metadata record, when using meta decorator. Severity: Low. CVE-2023-30857 was published for @aedart/support (npm) on May 1, 2023.
Advisories are also available from the GraphQL API.