GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
133 advisories
Filter by severity
Possible prototype pollution in metadata record, when using meta decorator
Low
CVE-2023-30857
was published
for
@aedart/support
(npm)
May 1, 2023
eslint-detailed-reporter vulnerable to cross-site scripting
Low
CVE-2022-4942
was published
for
eslint-detailed-reporter
(npm)
Apr 20, 2023
Shescape potential environment variable exposure on Windows with CMD
Low
CVE-2023-35931
was published
for
shescape
(npm)
Jun 22, 2023
Cross-Site Scripting in serialize-to-js
Low
CVE-2019-16772
was published
for
serialize-to-js
(npm)
Dec 6, 2019
Regular Expression Denial of Service in jadedown
Low
CVE-2016-10520
was published
for
jadedown
(npm)
Feb 18, 2019
Prevent logging invalid header values
Low
GHSA-j5g3-5c8r-7qfx
was published
for
@apollo/server
(npm)
Aug 30, 2023
Minimal `basti` IAM Policy Allows Shell Access
Low
GHSA-q4pp-j36h-3gqg
was published
for
basti-cdk
(npm)
Aug 24, 2023
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
Regular expression denial of service in semver-regex
Low
CVE-2021-43307
was published
for
semver-regex
(npm)
Jun 3, 2022
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jQuery.Validation
(npm)
Jun 3, 2022
Stylelint has vulnerability in semver dependency
Low
GHSA-f7xj-rg7h-mc87
was published
for
stylelint
(npm)
Jul 7, 2023
•
withdrawn
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Low
GHSA-h9wq-xcqx-mqxm
was published
for
@vendure/core
(npm)
Jul 11, 2023
sweetalert2 v11.4.9 and above contains hidden functionality
Low
GHSA-qq6h-5g6j-q3cm
was published
for
sweetalert2
(npm)
Nov 23, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
@keystone-6/core's bundled cuid package known to be insecure
Low
GHSA-5fp6-4xw3-xqq3
was published
for
@keystone-6/core
(npm)
Jun 12, 2023
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Low
GHSA-68jh-rf6x-836f
was published
for
@apollo/server
(npm)
Jun 16, 2023
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
Regular Expression Denial of Service in marked
Low
GHSA-ch52-vgq2-943f
was published
for
marked
(npm)
Sep 3, 2020
Regular Expression Denial of Service in clean-css
Low
GHSA-wxhq-pm8v-cw75
was published
for
clean-css
(npm)
Jun 5, 2019
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API