GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
146 advisories
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Low: CVE-2024-27088 was published for es5-ext (npm) on Feb 26, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low: CVE-2024-24758 was published for undici (npm) on Feb 16, 2024
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Low: CVE-2021-4437 was published for @lambda-middleware/json-deserializer (npm) on Feb 12, 2024
NPM IP package incorrectly identifies some private IP addresses as public
Low: CVE-2023-42282 was published for ip (npm) on Feb 8, 2024
Local File Inclusion vulnerability in zmarkdown
Low: GHSA-mq6v-w35g-3c97 was published for zmarkdown (npm) on Feb 3, 2024
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Low: CVE-2023-48711 was published for google-translate-api-browser (npm) on Nov 27, 2023
Next.js missing cache-control header may lead to CDN caching empty reply
Low: CVE-2023-46298 was published for next (npm) on Oct 22, 2023
Undici's cookie header not cleared on cross-origin redirect in fetch
Low: CVE-2023-45143 was published for undici (npm) on Oct 16, 2023
Prevent logging invalid header values
Low: GHSA-j5g3-5c8r-7qfx was published for @apollo/server (npm) on Aug 30, 2023
Minimal `basti` IAM Policy Allows Shell Access
Low: GHSA-q4pp-j36h-3gqg was published for basti-cdk (npm) on Aug 24, 2023
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Low: CVE-2023-38700 was published for matrix-appservice-irc (npm) on Aug 4, 2023
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Low: GHSA-h9wq-xcqx-mqxm was published for @vendure/core (npm) on Jul 11, 2023
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Low: GHSA-mrr8-v49w-3333 was published for sweetalert2 (npm) on Jul 10, 2023
Stylelint has vulnerability in semver dependency
Low: GHSA-f7xj-rg7h-mc87 was published for stylelint (npm) on Jul 7, 2023 (withdrawn)
Shescape potential environment variable exposure on Windows with CMD
Low: CVE-2023-35931 was published for shescape (npm) on Jun 22, 2023
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Low: GHSA-68jh-rf6x-836f was published for @apollo/server (npm) on Jun 16, 2023
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Low: GHSA-gpv5-7x3g-ghjv was published for fast-xml-parser (npm) on Jun 15, 2023
@keystone-6/core's bundled cuid package known to be insecure
Low: GHSA-5fp6-4xw3-xqq3 was published for @keystone-6/core (npm) on Jun 12, 2023
Possible prototype pollution in metadata record, when using meta decorator
Low: CVE-2023-30857 was published for @aedart/support (npm) on May 1, 2023
eslint-detailed-reporter vulnerable to cross-site scripting
Low: CVE-2022-4942 was published for eslint-detailed-reporter (npm) on Apr 20, 2023
Imperative CLI vulnerable to Command Injection
Low: CVE-2021-4326 was published for @zowe/imperative (npm) on Mar 1, 2023
sweetalert2 v8.19.1 and above contains hidden functionality
Low: GHSA-8jh9-wqpf-q52c was published for sweetalert2 (npm) on Nov 23, 2022
sweetalert2 v9.17.4 and above contains hidden functionality
Low: GHSA-pg98-6v7f-2xfv was published for sweetalert2 (npm) on Nov 23, 2022
sweetalert2 v10.16.10 and above contains hidden functionality
Low: GHSA-457r-cqc8-9vj9 was published for sweetalert2 (npm) on Nov 23, 2022
sweetalert2 v11.4.9 and above contains hidden functionality
Low: GHSA-qq6h-5g6j-q3cm was published for sweetalert2 (npm) on Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API.