Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,510 advisories

Loading
Cross site scripting in datatables.net Moderate
CVE-2021-23445 was published for datatables.net (npm) Sep 29, 2021
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC Moderate
CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
@fastly/js-compute has a use-after-free in some host call implementations Moderate
CVE-2024-38375 was published for @fastly/js-compute (npm) Jun 26, 2024
elliottt
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex High
CVE-2020-28469 was published for glob-parent (npm) Jun 7, 2021
sealonohana
NPM IP package incorrectly identifies some private IP addresses as public Low
CVE-2023-42282 was published for ip (npm) Feb 8, 2024
G-Rath levpachmanov
dotboris iFreilicht
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
ProTip! Advisories are also available from the GraphQL API