Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

951 advisories

Loading
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard Critical
CVE-2023-46233 was published for crypto-js (npm) Oct 25, 2023
Zemnmez nzgeek
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Prototype Pollution in handlebars Critical
CVE-2021-23383 was published for handlebars (npm) Feb 10, 2022
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Arbitrary remote code execution within `wrangler dev` Workers sandbox Critical
CVE-2023-7080 was published for wrangler (npm) Jan 3, 2024
Lekensteyn
bsock uses weak hashing algorithms Critical
CVE-2023-50475 was published for bsock (npm) Dec 21, 2023
Pedroetb TTS-API OS Command Injection Critical
CVE-2019-25158 was published for tts-api (npm) Dec 19, 2023
Cross-site Scripting in @spscommerce/ds-react Critical
GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) Dec 15, 2023
shramko82 knedev42
jimthedev
Code execution in evershop Critical
CVE-2023-46498 was published for @evershop/evershop (npm) Dec 8, 2023
Malicious Package in beffer-xor Critical
GHSA-7cvf-p83w-48q6 was published for beffer-xor (npm) Sep 3, 2020
mprpic
Malicious Package in another-date-range-picker Critical
GHSA-8rxg-9g6f-vq9p was published for another-date-range-picker (npm) Sep 1, 2020
Malicious Package in @impala/bmap Critical
GHSA-c82c-8pjw-6829 was published for @impala/bmap (npm) Sep 1, 2020
Malicious Package in another-date-picker Critical
GHSA-2p62-c4rm-mr72 was published for another-date-picker (npm) Sep 1, 2020
mprpic
openssl npm package vulnerable to command execution Critical
CVE-2023-49210 was published for openssl (npm) Nov 23, 2023
Exposure of Resource to Wrong Sphere in Zip-Local Critical
CVE-2021-23484 was published for zip-local (npm) Feb 1, 2022
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection Critical
CVE-2020-28502 was published for xmlhttprequest (npm) May 4, 2021
Improper Certificate Validation in xmlhttprequest-ssl Critical
CVE-2021-31597 was published for xmlhttprequest-ssl (npm) May 24, 2021
vm2 Sandbox Escape vulnerability Critical
CVE-2023-29199 was published for vm2 (npm) Apr 12, 2023
leesh3288
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Authorization Bypass Through User-Controlled Key in url-parse Critical
CVE-2022-0686 was published for url-parse (npm) Feb 21, 2022
Arbitrary Code Execution in underscore Critical
CVE-2021-23358 was published for underscore (npm) May 6, 2021
rajuc075
ProTip! Advisories are also available from the GraphQL API