GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,438 advisories
ghtml Cross-Site Scripting (XSS) vulnerability
Severity: High. CVE-2024-37166 was published for ghtml (npm) on Jun 10, 2024.

@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Severity: High. CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) on Jun 12, 2024.

datatables.net vulnerable to Prototype Pollution due to incomplete fix
Severity: High. CVE-2020-28458 was published for datatables.net (npm) on Dec 17, 2020.

jsonwebtoken unrestricted key type could lead to legacy keys usage
Severity: High. CVE-2022-23539 was published for jsonwebtoken (npm) on Dec 22, 2022.

llhttp vulnerable to HTTP request smuggling
Severity: High. CVE-2023-30589 was published for llhttp (npm) on Jul 1, 2023.

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
Severity: High. CVE-2020-28469 was published for glob-parent (npm) on Jun 7, 2021.

akbr patch-into was discovered to contain a prototype pollution via the function patchInto
Severity: High. CVE-2024-38991 was published for @akbr/patch-into (npm) on Jul 1, 2024.

frappejs was discovered to contain a prototype pollution via the function registerView
Severity: High. CVE-2024-38992 was published for @airvertco/frappejs (npm) on Jul 1, 2024.

@amoy/common v was discovered to contain a prototype pollution via the function extend
Severity: High. CVE-2024-38994 was published for @amoy/common (npm) on Jul 1, 2024.

s3-url-parser vulnerable to Denial of Service via regexes component
Severity: High. CVE-2024-25355 was published for s3-url-parser (npm) on May 1, 2024.

Object Resolver Prototype Pollution
Severity: High. CVE-2024-36577 was published for @apphp/object-resolver (npm) on Jun 17, 2024.

Uncontrolled resource consumption in braces
Severity: High. CVE-2024-4068 was published for braces (npm) on May 14, 2024.

Next.js Vulnerable to HTTP Request Smuggling
Severity: High. CVE-2024-34350 was published for next (npm) on May 9, 2024.

lunary-ai/lunary XSS in SAML metadata endpoint
Severity: High. CVE-2024-5478 was published for lunary (npm) on Jun 6, 2024.

Command Injection Vulnerability
Severity: High. CVE-2021-21315 was published for systeminformation (npm) on Feb 16, 2021.

EverShop vulnerable to improper authorization in GraphQL endpoints
Severity: High. CVE-2023-46942 was published for @evershop/evershop (npm) on Jan 13, 2024.

@discordjs/opus vulnerable to Denial of Service
Severity: High. CVE-2024-21521 was published for @discordjs/opus (npm) on Jul 10, 2024.

speaker vulnerable to Denial of Service
Severity: High. CVE-2024-21526 was published for speaker (npm) on Jul 10, 2024.

Insufficient validation when decoding a Socket.IO packet
Severity: High. CVE-2023-32695 was published for socket.io-parser (npm) on May 23, 2023.

Regular Expression Denial of Service in ms
Severity: High. CVE-2015-8315 was published for ms (npm) on Oct 24, 2017.

(ReDoS) Regular Expression Denial of Service in tf2-item-format
Severity: High. CVE-2024-41655 was published for tf2-item-format (npm) on Jul 23, 2024.

JSZip contains Path Traversal via loadAsync
Severity: High. CVE-2022-48285 was published for jszip (npm) on Jan 29, 2023.

libxmljs vulnerable to type confusion when parsing specially crafted XML
Severity: High. CVE-2024-34392 was published for libxmljs (npm) on May 2, 2024.

Badger Database Prototype Pollution
Severity: High. CVE-2024-36581 was published for @abw/badger-database (npm) on Jun 17, 2024.

ProTip! Advisories are also available from the GraphQL API.