GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,510 advisories
Filter by severity
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
ws affected by a DoS when handling a request with many HTTP headers
High
CVE-2024-37890
was published
for
ws
(npm)
Jun 17, 2024
Mattermost Desktop App Remote Code Execution
Moderate
CVE-2024-37182
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Low
CVE-2024-36287
was published
for
mattermost-desktop
(npm)
Jun 14, 2024
object-deep-assign Prototype Pollution
Moderate
CVE-2024-36582
was published
for
@alexbinary/object-deep-assign
(npm)
Jun 17, 2024
Badger Database Prototype Pollution
Moderate
CVE-2024-36581
was published
for
@abw/badger-database
(npm)
Jun 17, 2024
flatten-json Prototype Pollution
Moderate
CVE-2024-36574
was published
for
@allanlancioni/flatten-json
(npm)
Jun 17, 2024
Object Resolver Prototype Pollution
Moderate
CVE-2024-36577
was published
for
@apphp/object-resolver
(npm)
Jun 17, 2024
@akbr/update Prototype Pollution
Moderate
CVE-2024-36578
was published
for
@akbr/update
(npm)
Jun 17, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
socket.io has an unhandled 'error' event
High
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
datatables.net vulnerable to Prototype Pollution due to incomplete fix
High
CVE-2020-28458
was published
for
datatables.net
(npm)
Dec 17, 2020
Prototype Pollution in minimist
Critical
CVE-2021-44906
was published
for
minimist
(npm)
Mar 18, 2022
tough-cookie Prototype Pollution vulnerability
Moderate
CVE-2023-26136
was published
for
tough-cookie
(npm)
Jul 1, 2023
Axios Cross-Site Request Forgery Vulnerability
Moderate
CVE-2023-45857
was published
for
axios
(npm)
Nov 8, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
word-wrap vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-26115
was published
for
word-wrap
(npm)
Jun 22, 2023
ProTip!
Advisories are also available from the
GraphQL API