GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
962 advisories
Filter by severity
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical
CVE-2023-2507
was published
for
clevertap-cordova
(npm)
Jul 15, 2023
Mongoose Prototype Pollution vulnerability
Critical
CVE-2023-3696
was published
for
mongoose
(npm)
Jul 17, 2023
Path traversal and code execution via prototype vulnerability
Critical
CVE-2023-26045
was published
for
nodebb
(npm)
Jul 25, 2023
Anyone with a share link can RESET all website data in Umami
Critical
GHSA-8www-cffh-4q98
was published
for
umami
(npm)
Jul 28, 2023
Soketi was exposed to Sandbox Escape vulnerability via vm2
Critical
GHSA-g6w6-h933-4rc5
was published
for
@soketi/soketi
(npm)
Aug 3, 2023
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Critical
CVE-2023-39532
was published
for
ses
(npm)
Aug 9, 2023
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
external-svg-loader Cross-site Scripting vulnerability
Critical
CVE-2023-40013
was published
for
external-svg-loader
(npm)
Aug 14, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
Command Injection Vulnerability in find-exec
Critical
CVE-2023-40582
was published
for
find-exec
(npm)
Aug 30, 2023
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Critical
CVE-2023-33831
was published
for
@frangoteam/fuxa
(npm)
Sep 18, 2023
systeminformation SSID Command Injection Vulnerability
Critical
CVE-2023-42810
was published
for
systeminformation
(npm)
Sep 21, 2023
FUXA SQL Injection vulnerability
Critical
CVE-2023-31719
was published
for
fuxa-server
(npm)
Sep 22, 2023
Server-Side Request Forgery (SSRF) in vriteio/vrite
Critical
CVE-2023-5572
was published
for
@vrite/sdk
(npm)
Oct 13, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
Prototype Pollution in ali-security/mongoose
Critical
GHSA-rc4v-99cr-pjcm
was published
for
@seal-security/mongoose-fixed
(npm)
Oct 17, 2023
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46133
was published
for
crypto-es
(npm)
Oct 25, 2023
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Critical
CVE-2023-46233
was published
for
crypto-js
(npm)
Oct 25, 2023
openssl npm package vulnerable to command execution
Critical
CVE-2023-49210
was published
for
openssl
(npm)
Nov 23, 2023
Code execution in evershop
Critical
CVE-2023-46498
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API