GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,296 advisories
Oils JS vulnerable to Open Redirect
Moderate. CVE-2021-4260 was published for oils (npm) on Dec 19, 2022.

Cross site scripting in parse-url
Moderate. CVE-2022-2218 was published for parse-url (npm) on Jun 28, 2022.

Server-Side Request Forgery in link-preview-js
Moderate. CVE-2022-25876 was published for link-preview-js (npm) on Jul 2, 2022.

Server-Side Request Forgery in Directus
Moderate. CVE-2022-23080 was published for directus (npm) on Jun 23, 2022.

Got allows a redirect to a UNIX socket
Moderate. CVE-2022-33987 was published for got (npm) on Jun 19, 2022.

Cross site scripting in parse-url
Moderate. CVE-2022-2217 was published for parse-url (npm) on Jun 28, 2022.

Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate. CVE-2022-31069 was published for @finastra/nestjs-proxy (npm) on Jun 17, 2022.

AutoUpdater module fails to validate certain nested components of the bundle
Moderate. CVE-2022-29257 was published for electron (npm) on Jun 16, 2022.

Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Moderate. CVE-2022-31070 was published for @finastra/nestjs-proxy (npm) on Jun 17, 2022.

Out-of-bounds Read in fast-string-search
Moderate. CVE-2022-25872 was published for fast-string-search (npm) on Jun 18, 2022.

Prototype Pollution in querymen
Moderate. CVE-2022-25871 was published for querymen (npm) on Jun 18, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate. CVE-2022-31051 was published for semantic-release (npm) on Jun 9, 2022.

Missing Cryptographic Step in cassproject
Moderate. CVE-2022-29229 was published for cassproject (npm) on May 25, 2022.

Android WebView Universal Cross-site Scripting
Moderate. CVE-2020-6506 was published for react-native-webview (npm) on Oct 2, 2020.

AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Moderate. CVE-2019-14863 was published for angular (npm) on Feb 14, 2020.

react-dev-utils OS Command Injection in function `getProcessForPort`
Moderate. CVE-2021-24033 was published for react-dev-utils (npm) on Mar 11, 2021.

Improper Neutralization of Input During Web Page Generation in Select2
Moderate. CVE-2016-10744 was published for select2 (npm) on May 14, 2022.

Improper Input Validation in strapi
Moderate. CVE-2020-13961 was published for strapi (npm) on May 24, 2022.

Improper Neutralization of Input During Web Page Generation in swagger-ui
Moderate. CVE-2016-1000229 was published for swagger-ui (npm) on May 24, 2022.

Improper Neutralization of Input During Web Page Generation in CKEditor4
Moderate. CVE-2020-27193 was published for ckeditor4 (npm) on May 24, 2022.

x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
Moderate. CVE-2022-25646 was published for x-data-spreadsheet (npm) on Aug 31, 2022.

Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate. CVE-2021-23566 was published for nanoid (npm) on Jan 21, 2022.

undici before v5.8.0 vulnerable to CRLF injection in request headers
Moderate. CVE-2022-31150 was published for undici (npm) on Jul 21, 2022.