GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,382 advisories
Strapi Improper Rate Limiting vulnerability [High] CVE-2023-38507 was published for @strapi/admin (npm), Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable [High] CVE-2023-4863 was published for Pillow (Go), Sep 12, 2023
Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled [High] CVE-2023-23623 was published for electron (npm), Sep 6, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer [High] CVE-2023-41058 was published for parse-server (npm), Sep 4, 2023
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client [High] CVE-2023-41049 was published for @dcl/single-sign-on-client (npm), Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS) [High] CVE-2023-39663 was published for mathjax (npm), Aug 29, 2023
webui-aria2 Path Traversal vulnerability [High] CVE-2023-39141 was published for webui-aria2 (npm), Aug 22, 2023
Shescape on Windows escaping may be bypassed in threaded context [High] CVE-2023-40185 was published for shescape (npm), Aug 22, 2023
Unsanitized user controlled input in module generation [High] GHSA-f8pq-3926-8gx5 was published for @opentelemetry/instrumentation (npm), Aug 9, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory [High] GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm), Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation [High] CVE-2023-38704 was published for import-in-the-middle (npm), Aug 8, 2023
pnpm incorrectly parses tar archives relative to specification [High] CVE-2023-37478 was published for @pnpm/cafs (npm), Aug 1, 2023
underscore-keypath vulnerable to Prototype Pollution [High] CVE-2023-26139 was published for underscore-keypath (npm), Aug 1, 2023
Unsafe plugins can be installed via pack import by tenant admins [High] GHSA-wxf3-4fvj-vqqx was published for @saltcorn/cli (npm), Jul 27, 2023
DoS vulnerability for apps with sockets enabled [High] CVE-2023-38504 was published for sails (npm), Jul 27, 2023
Leaking sensitive user information still possible by filtering on private with prefix fields [High] CVE-2023-34235 was published for @strapi/database (npm), Jul 25, 2023
Feathers socket handler allows abusing implicit toString [High] CVE-2023-37899 was published for @feathersjs/socketio (npm), Jul 20, 2023
webmention.js Cross-site Scripting vulnerability [High] CVE-2023-3672 was published for webmention.js (npm), Jul 14, 2023
is_js vulnerable to Regular Expression Denial of Service [High] CVE-2020-26302 was published for is_js (npm), Jul 6, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state [High] CVE-2023-31999 was published for @fastify/oauth2 (npm), Jul 5, 2023
llhttp vulnerable to HTTP request smuggling [High] CVE-2023-30589 was published for llhttp (npm), Jul 1, 2023
flatnest Prototype Pollution vulnerability [High] CVE-2023-26135 was published for flatnest (npm), Jun 30, 2023
passport-wsfed-saml2 Signature Bypass vulnerability [High] GHSA-5wrg-8fxp-cx9r was published for passport-wsfed-saml2 (npm), Jun 21, 2023
Backstage Scaffolder plugin has insecure sandbox [High] CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm), Jun 21, 2023
Advisories are also available from the GraphQL API.