GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
951 advisories
Filter by severity
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
npm package rfc6902 vulnerable to Prototype Pollution
Critical
CVE-2021-4245
was published
for
rfc6902
(npm)
Dec 15, 2022
Prototype Pollution in handlebars
Critical
CVE-2021-23383
was published
for
handlebars
(npm)
Feb 10, 2022
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
plotly.js prototype pollution vulnerability
Critical
CVE-2023-46308
was published
for
plotly.js
(Composer)
Jan 3, 2024
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
Cross-site Scripting in @spscommerce/ds-react
Critical
GHSA-cfxh-frx4-9gjg
was published
for
@spscommerce/ds-react
(npm)
Dec 15, 2023
Code execution in evershop
Critical
CVE-2023-46498
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Malicious Package in beffer-xor
Critical
GHSA-7cvf-p83w-48q6
was published
for
beffer-xor
(npm)
Sep 3, 2020
Malicious Package in another-date-range-picker
Critical
GHSA-8rxg-9g6f-vq9p
was published
for
another-date-range-picker
(npm)
Sep 1, 2020
Malicious Package in @impala/bmap
Critical
GHSA-c82c-8pjw-6829
was published
for
@impala/bmap
(npm)
Sep 1, 2020
Malicious Package in another-date-picker
Critical
GHSA-2p62-c4rm-mr72
was published
for
another-date-picker
(npm)
Sep 1, 2020
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
Exposure of Resource to Wrong Sphere in Zip-Local
Critical
CVE-2021-23484
was published
for
zip-local
(npm)
Feb 1, 2022
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Critical
CVE-2020-28502
was published
for
xmlhttprequest
(npm)
May 4, 2021
Improper Certificate Validation in xmlhttprequest-ssl
Critical
CVE-2021-31597
was published
for
xmlhttprequest-ssl
(npm)
May 24, 2021
Prototype Pollution in vConsole
Critical
CVE-2023-30363
was published
for
vconsole
(npm)
Apr 26, 2023
Authorization Bypass Through User-Controlled Key in url-parse
Critical
CVE-2022-0686
was published
for
url-parse
(npm)
Feb 21, 2022
Arbitrary Code Execution in underscore
Critical
CVE-2021-23358
was published
for
underscore
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API