GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
1,382 advisories
Prototype Pollution in JSON5 via Parse Method
High: CVE-2022-46175 was published for json5 (npm) on Dec 29, 2022

Cross-site Scripting in electron-pdf
High: CVE-2024-1648 was published for electron-pdf (npm) on Feb 20, 2024

MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
High: CVE-2024-26135 was published for meshcentral (npm) on Feb 21, 2024

GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
High: GHSA-w4hv-vmv9-hgcr was published for @scrypted/core (npm) on Feb 16, 2024

Electron affected by libvpx's heap buffer overflow in vp8 encoding
High: CVE-2023-5217 was published for electron (npm) on Sep 28, 2023

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High: CVE-2023-51838 was published for meshcentral (npm) on Feb 2, 2024

Luxon Inefficient Regular Expression Complexity vulnerability
High: CVE-2023-22467 was published for luxon (npm) on Jan 9, 2023

Regular Expression Denial of Service in marked
High: CVE-2015-8854 was published for marked (npm) on Oct 24, 2017

hoek subject to prototype pollution via the clone function.
High: CVE-2020-36604 was published for @hapi/hoek (npm) on Sep 25, 2022

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High: CVE-2021-37712 was published for tar (npm) on Aug 31, 2021

flatnest Prototype Pollution vulnerability
High: CVE-2023-26135 was published for flatnest (npm) on Jun 30, 2023

Arbitrary Code Execution in handlebars
High: GHSA-2cf5-4w76-r9qv was published for handlebars (npm) on Sep 4, 2020

MeshCentral algorithm-downgrade issue
High: CVE-2023-51842 was published for meshcentral (npm) on Jan 29, 2024

Yarn untrusted search path vulnerability
High: CVE-2021-4435 was published for yarn (npm) on Feb 4, 2024

@backstage/backend-app-api leaks GitLab access tokens
High: CVE-2023-6944 was published for @backstage/backend-app-api (npm) on Jan 4, 2024

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High: CVE-2021-37701 was published for tar (npm) on Aug 31, 2021

MathJax Regular expression Denial of Service (ReDoS)
High: CVE-2023-39663 was published for mathjax (npm) on Aug 29, 2023

react-query-streamed-hydration Cross-site Scripting vulnerability
High: CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) on Jan 30, 2024

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High: CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) on Jan 30, 2024

ProTip! Advisories are also available from the GraphQL API.