Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
socket.io has an unhandled 'error' event High
CVE-2024-38355 was published for socket.io (npm) Jun 19, 2024
Y0ursTruly
datatables.net vulnerable to Prototype Pollution due to incomplete fix High
CVE-2020-28458 was published for datatables.net (npm) Dec 17, 2020
JSZip contains Path Traversal via loadAsync High
CVE-2022-48285 was published for jszip (npm) Jan 29, 2023
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
jsonwebtoken unrestricted key type could lead to legacy keys usage High
CVE-2022-23539 was published for jsonwebtoken (npm) Dec 22, 2022
llhttp vulnerable to HTTP request smuggling High
CVE-2023-30589 was published for llhttp (npm) Jul 1, 2023
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex High
CVE-2020-28469 was published for glob-parent (npm) Jun 7, 2021
sealonohana
ProTip! Advisories are also available from the GraphQL API