GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,598 advisories

Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
Duplicate Advisory: pullit Command Injection vulnerability High
GHSA-2w9p-xf5h-qwj3 was published for pullit (npm) Mar 27, 2023 withdrawn
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
Prototype pollution in matrix-js-sdk (part 2) High
CVE-2023-28427 was published for matrix-js-sdk (npm) Mar 30, 2023
SvelteKit vulnerable to Cross-Site Request Forgery High
CVE-2023-29003 was published for @sveltejs/kit (npm) Apr 4, 2023
v1ktor0t benmccann
Conduitry teemingc dominikg
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests High
CVE-2023-29008 was published for @sveltejs/kit (npm) Apr 7, 2023
Ry0taK benmccann
dominikg Conduitry
Authentication Bypass in @strapi/plugin-users-permissions High
GHSA-xv3q-jrmm-4fxv was published for @strapi/plugin-users-permissions (npm) Apr 18, 2023
derrickmehaffy Ccamm
Convly
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
GovernorCompatibilityBravo may trim proposal calldata High
CVE-2023-30542 was published for @openzeppelin/contracts (npm) Apr 20, 2023
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
Uncaught Exception in yaml High
CVE-2023-2251 was published for yaml (npm) Apr 24, 2023
chadlwilson pmartinat
mrgrain
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
Hidden fields can be leaked on readable collections in Payload High
CVE-2023-30843 was published for payload (npm) Apr 26, 2023
cpaczek
Ghost vulnerable to information disclosure of private API fields High
CVE-2023-31133 was published for ghost (npm) May 3, 2023
cpaczek
Path Traversal in Ghost High
CVE-2023-32235 was published for ghost (npm) May 5, 2023
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
n8n Privilege Escalation vulnerability High
CVE-2023-27563 was published for n8n (npm) May 10, 2023
MarkLee131
n8n Information Disclosure vulnerability High
CVE-2023-27564 was published for n8n (npm) May 10, 2023
MarkLee131
Double spend in snarkjs High
CVE-2023-33252 was published for snarkjs (npm) May 22, 2023
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023