Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
Possible prototype pollution in metadata record, when using meta decorator Low
CVE-2023-30857 was published for @aedart/support (npm) May 1, 2023
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
Shescape potential environment variable exposure on Windows with CMD Low
CVE-2023-35931 was published for shescape (npm) Jun 22, 2023
Zod denial of service vulnerability Low
CVE-2023-4316 was published for zod (npm) Sep 28, 2023
RobinTail
Cross-Site Scripting in serialize-to-js Low
CVE-2019-16772 was published for serialize-to-js (npm) Dec 6, 2019
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607
Regular Expression Denial of Service in jadedown Low
CVE-2016-10520 was published for jadedown (npm) Feb 18, 2019
Prevent logging invalid header values Low
GHSA-j5g3-5c8r-7qfx was published for @apollo/server (npm) Aug 30, 2023
Minimal `basti` IAM Policy Allows Shell Access Low
GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) Aug 24, 2023
ramimac
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
Regular Expression Denial of Service (ReDoS) in jsx-slack Low
CVE-2021-43838 was published for jsx-slack (npm) Dec 17, 2021
hieki
Regular expression denial of service in semver-regex Low
CVE-2021-43307 was published for semver-regex (npm) Jun 3, 2022
Regular expression denial of service in jquery-validation Low
CVE-2021-43306 was published for jQuery.Validation (npm) Jun 3, 2022
klaudialax
Stylelint has vulnerability in semver dependency Low
GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) Jul 7, 2023 withdrawn
romainmenke
Vendure Cross Site Request Forgery vulnerability impacting all API requests Low
GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) Jul 11, 2023
Yaniv-git
sweetalert2 v11.4.9 and above contains hidden functionality Low
GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) Nov 23, 2022
limonte
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
@keystone-6/core's bundled cuid package known to be insecure Low
GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) Jun 12, 2023
TomDo1234
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces Low
GHSA-68jh-rf6x-836f was published for @apollo/server (npm) Jun 16, 2023
The `size` option isn't honored after following a redirect in node-fetch Low
CVE-2020-15168 was published for node-fetch (npm) Sep 10, 2020
rynop tdunlap607
Regular Expression Denial of Service in marked Low
GHSA-ch52-vgq2-943f was published for marked (npm) Sep 3, 2020
Regular Expression Denial of Service in clean-css Low
GHSA-wxhq-pm8v-cw75 was published for clean-css (npm) Jun 5, 2019
G-Rath
Reverse Tabnabbing in showdown Low
GHSA-h6mq-3cj6-h738 was published for showdown (npm) Sep 3, 2020
tdunlap607
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr Low
CVE-2017-18869 was published for chownr (npm) Feb 10, 2022
tdunlap607
Command Injection in Limdu Low
CVE-2020-4066 was published for limdu (npm) Jun 22, 2020
Churro
ProTip! Advisories are also available from the GraphQL API