Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Strapi Improper Rate Limiting vulnerability High
CVE-2023-38507 was published for @strapi/admin (npm) Sep 13, 2023
scgajge12 derrickmehaffy
innerdvations alexandrebodin
libwebp: OOB write in BuildHuffmanTable High
CVE-2023-4863 was published for Pillow (Go) Sep 12, 2023
delroth Nachtalb
pshelton-skype
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled High
CVE-2023-23623 was published for electron (npm) Sep 6, 2023
andreasdj
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer High
CVE-2023-41058 was published for parse-server (npm) Sep 4, 2023
Moumouls mtrezza
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
MathJax Regular expression Denial of Service (ReDoS) High
CVE-2023-39663 was published for mathjax (npm) Aug 29, 2023
webui-aria2 Path Traversal vulnerability High
CVE-2023-39141 was published for webui-aria2 (npm) Aug 22, 2023
JafarAkhondali
Shescape on Windows escaping may be bypassed in threaded context High
CVE-2023-40185 was published for shescape (npm) Aug 22, 2023
Unsanitized user controlled input in module generation High
GHSA-f8pq-3926-8gx5 was published for @opentelemetry/instrumentation (npm) Aug 9, 2023
Qard
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
import-in-the-middle has unsanitized user controlled input in module generation High
CVE-2023-38704 was published for import-in-the-middle (npm) Aug 8, 2023
pnpm incorrectly parses tar archives relative to specification High
CVE-2023-37478 was published for @pnpm/cafs (npm) Aug 1, 2023
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Unsafe plugins can be installed via pack import by tenant admins High
GHSA-wxf3-4fvj-vqqx was published for @saltcorn/cli (npm) Jul 27, 2023
pyhedgehog
DoS vulnerability for apps with sockets enabled High
CVE-2023-38504 was published for sails (npm) Jul 27, 2023
ThomasRinsma DominusKelvin
eashaw
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 derrickmehaffy
innerdvations Marc-Roig Bassel17
Feathers socket handler allows abusing implicit toString High
CVE-2023-37899 was published for @feathersjs/socketio (npm) Jul 20, 2023
CodeanIO
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
is_js vulnerable to Regular Expression Denial of Service High
CVE-2020-26302 was published for is_js (npm) Jul 6, 2023
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state High
CVE-2023-31999 was published for @fastify/oauth2 (npm) Jul 5, 2023
erezarnon panva
mcollina marco-ippolito
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
passport-wsfed-saml2 Signature Bypass vulnerability High
GHSA-5wrg-8fxp-cx9r was published for passport-wsfed-saml2 (npm) Jun 21, 2023
Backstage Scaffolder plugin has insecure sandbox High
CVE-2023-35926 was published for @backstage/plugin-scaffolder-backend (npm) Jun 21, 2023
ProTip! Advisories are also available from the GraphQL API