GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,296 advisories

URL Redirection to Untrusted Site ('Open Redirect') in next-auth Moderate
CVE-2022-29214 was published for next-auth (npm) May 24, 2022
Ry0taK
Prototype Pollution in json-pointer Moderate
CVE-2021-23820 was published for json-pointer (npm) Nov 8, 2021
G-Rath
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
rustyguts
Cross-site Scripting in Auth0 Lock Moderate
CVE-2022-29172 was published for auth0-lock (npm) May 24, 2022
Potential Cross-site Scripting vulnerability in Hydrogen Moderate
CVE-2022-29230 was published for @shopify/hydrogen (npm) May 19, 2022
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
Cross-site Scripting in fullpage.js Moderate
CVE-2022-1330 was published for fullpage.js (npm) Apr 13, 2022
Cross-site Scripting in tableexport.jquery.plugin Moderate
CVE-2022-1291 was published for tableexport.jquery.plugin (npm) Apr 11, 2022
Cross site scripting in valine Moderate
CVE-2020-28847 was published for valine (npm) Apr 6, 2022
Cross-site Scripting in vditor Moderate
CVE-2022-0350 was published for vditor (npm) Apr 1, 2022
Cross-site Scripting in @rocket.chat/livechat Moderate
CVE-2022-21830 was published for @rocket.chat/livechat (npm) Apr 3, 2022
URL Confusion When Scheme Not Supplied in medialize/uri.js Moderate
CVE-2022-1233 was published for urijs (npm) Apr 5, 2022
Improper Verification of Cryptographic Signature in `node-forge` Moderate
CVE-2022-24773 was published for node-forge (npm) Mar 18, 2022
Sandbox escape in notevil and argencoders-notevil Moderate
CVE-2021-23771 was published for argencoders-notevil (npm) Mar 18, 2022
Prototype Pollution in bodymen Moderate
CVE-2022-25296 was published for bodymen (npm) Mar 18, 2022
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Arbitrary command execution in roar-pidusage Moderate
CVE-2021-23380 was published for roar-pidusage (npm) May 6, 2021
Code injection in npm git Moderate
CVE-2021-23632 was published for git (npm) Mar 18, 2022
Arbitrary code execution in kill-by-port Moderate
CVE-2021-23363 was published for kill-by-port (npm) Apr 13, 2021
Cross-site Scripting in CKEditor4 Moderate
CVE-2022-24728 was published for ckeditor4 (npm) Mar 16, 2022
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
yargs-parser Vulnerable to Prototype Pollution Moderate
CVE-2020-7608 was published for yargs-parser (npm) Sep 4, 2020
Cross-site Scripting in sanitize-url Moderate
CVE-2021-23648 was published for @braintree/sanitize-url (npm) Mar 17, 2022
Cross-site Scripting in vditor Moderate
CVE-2022-0341 was published for vditor (npm) Mar 15, 2022