GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,645 advisories
Filter by severity
Withdrawn Advisory: Insufficient Granularity of Access Control in JSDom
Low
CVE-2021-20066
was published
for
jsdom
(npm)
May 24, 2022
•
withdrawn
lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478
was published
for
lunary
(npm)
Jun 6, 2024
Command Injection Vulnerability
High
CVE-2021-21315
was published
for
systeminformation
(npm)
Feb 16, 2021
EverShop vulnerable to improper authorization in GraphQL endpoints
High
CVE-2023-46942
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Low
CVE-2024-41945
was published
for
@fuel-ts/account
(npm)
Jul 30, 2024
@aofl/cli-lib Prototype Pollution vulnerability
Moderate
CVE-2024-38987
was published
for
@aofl/cli-lib
(npm)
Jul 1, 2024
@cat5th/key-serializer Prototype Pollution vulnerability
Moderate
CVE-2024-39018
was published
for
@cat5th/key-serializer
(npm)
Jul 1, 2024
speaker vulnerable to Denial of Service
High
CVE-2024-21526
was published
for
speaker
(npm)
Jul 10, 2024
@discordjs/opus vulnerable to Denial of Service
High
CVE-2024-21521
was published
for
@discordjs/opus
(npm)
Jul 10, 2024
Insufficient validation when decoding a Socket.IO packet
High
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
Regular Expression Denial of Service in ms
High
CVE-2015-8315
was published
for
ms
(npm)
Oct 24, 2017
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
swagger-ui
(npm)
Mar 12, 2022
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
(ReDoS) Regular Expression Denial of Service in tf2-item-format
High
CVE-2024-41655
was published
for
tf2-item-format
(npm)
Jul 23, 2024
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
VvvebJs Arbitrary File Upload vulnerability
Moderate
CVE-2024-29272
was published
for
vvvebJs
(npm)
Mar 22, 2024
mysql2 cache poisoning vulnerability
Moderate
CVE-2024-21507
was published
for
mysql2
(npm)
Apr 10, 2024
ejs lacks certain pollution protection
Moderate
CVE-2024-33883
was published
for
ejs
(npm)
Apr 28, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
High
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
Badger Database Prototype Pollution
High
CVE-2024-36581
was published
for
@abw/badger-database
(npm)
Jun 17, 2024
images vulnerable to Denial of Service
High
CVE-2024-21523
was published
for
images
(npm)
Jul 10, 2024
@thi.ng/paths Prototype Pollution vulnerability
Critical
CVE-2024-29650
was published
for
@thi.ng/paths
(npm)
Mar 25, 2024
njwt Prototype Pollution vulnerability
Moderate
CVE-2024-34273
was published
for
njwt
(npm)
May 16, 2024
ProTip!
Advisories are also available from the
GraphQL API