GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
ERC1155Supply vulnerability in OpenZeppelin Contracts
Low
GHSA-wmpv-c2jp-j2xg
was published
for
@openzeppelin/contracts
(npm)
Nov 15, 2021
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name
Low
GHSA-q324-q795-2q5p
was published
for
@redocly/openapi-cli
(npm)
Oct 12, 2021
Command injection in @diez/generation
Low
CVE-2021-32830
was published
for
@diez/generation
(npm)
Sep 2, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Low
GHSA-xh2p-7p87-fhgh
was published
for
@liquity/contracts
(npm)
Aug 5, 2021
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Low
GHSA-jcgr-9698-82jx
was published
for
@floffah/build
(npm)
May 28, 2021
User content sandbox can be confused into opening arbitrary documents
Low
CVE-2021-21320
was published
for
matrix-react-sdk
(npm)
Mar 3, 2021
Path traversal in Node-Red
Low
CVE-2021-21298
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Regex denial of service vulnerability in codesample plugin
Low
GHSA-h96f-fc7c-9r55
was published
for
tinymce
(npm)
Jan 6, 2021
Parse Server stores password in plain text
Low
CVE-2020-26288
was published
for
parse-server
(npm)
Dec 28, 2020
Denial of service in fast-csv
Low
CVE-2020-26256
was published
for
@fast-csv/parse
(npm)
Dec 8, 2020
Unprotected dynamically loaded chunks
Low
CVE-2020-15262
was published
for
webpack-subresource-integrity
(npm)
Oct 19, 2020
Regular Expression Denial of Service in npm-user-validate
Low
GHSA-xgh6-85xh-479p
was published
for
npm-user-validate
(npm)
Oct 16, 2020
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
Environment Variable Injection in GitHub Actions
Low
CVE-2020-15228
was published
for
@actions/core
(npm)
Oct 1, 2020
Incorrect Calculation in bigint-money
Low
GHSA-9r3m-mhfm-39cm
was published
for
bigint-money
(npm)
Sep 11, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
personnummer/js vulnerable to Improper Input Validation
Low
GHSA-vpgc-7h78-gx8f
was published
for
personnummer
(npm)
Sep 4, 2020
Prototype Pollution in @hapi/hoek
Low
GHSA-22h7-7wwg-qmgg
was published
for
@hapi/hoek
(npm)
Sep 4, 2020
Information Exposure in type-graphql
Low
GHSA-xf64-2f9p-6pqq
was published
for
type-graphql
(npm)
Sep 4, 2020
Global node_modules Binary Overwrite in bin-links
Low
GHSA-v45m-2wcp-gg98
was published
for
bin-links
(npm)
Sep 4, 2020
Symlink reference outside of node_modules in bin-links
Low
GHSA-2mj8-pj3j-h362
was published
for
bin-links
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API