Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token High
CVE-2017-16897 was published for passport-wsfed-saml2 (npm) Jun 21, 2023
nuxt Code Injection vulnerability High
CVE-2023-3224 was published for nuxt (npm) Jun 13, 2023
danielroe OhB00
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
kimmobrunfeldt juburr
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
Snowflake NodeJS Driver vulnerable to Command Injection High
CVE-2023-34232 was published for snowflake-sdk (npm) Jun 9, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme High
CVE-2023-34245 was published for @udecode/plate-link (npm) Jun 9, 2023
OliverWales
fast-xml-parser vulnerable to Regex Injection via Doctype Entities High
CVE-2023-34104 was published for fast-xml-parser (npm) Jun 6, 2023
7085 levpachmanov
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) High
CVE-2023-34092 was published for vite (npm) Jun 6, 2023
agussetyar thenameisajay
bwm-ng vulnerable to command injection High
CVE-2023-26129 was published for bwm-ng (npm) May 27, 2023
keep-module-latest vulnerable to Command Injection due to missing input sanitization High
CVE-2023-26128 was published for keep-module-latest (npm) May 27, 2023
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function High
CVE-2023-26127 was published for n158 (npm) May 27, 2023
Insufficient validation when decoding a Socket.IO packet High
CVE-2023-32695 was published for socket.io-parser (npm) May 23, 2023
rafax00 darrachequesne
Double spend in snarkjs High
CVE-2023-33252 was published for snarkjs (npm) May 22, 2023
n8n Privilege Escalation vulnerability High
CVE-2023-27563 was published for n8n (npm) May 10, 2023
MarkLee131
n8n Information Disclosure vulnerability High
CVE-2023-27564 was published for n8n (npm) May 10, 2023
MarkLee131
m.static Directory Traversal vulnerability High
CVE-2023-26126 was published for m.static (npm) May 10, 2023
Path Traversal in Ghost High
CVE-2023-32235 was published for ghost (npm) May 5, 2023
Ghost vulnerable to information disclosure of private API fields High
CVE-2023-31133 was published for ghost (npm) May 3, 2023
cpaczek
Hidden fields can be leaked on readable collections in Payload High
CVE-2023-30843 was published for payload (npm) Apr 26, 2023
cpaczek
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
Uncaught Exception in yaml High
CVE-2023-2251 was published for yaml (npm) Apr 24, 2023
chadlwilson pmartinat
mrgrain
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
Session fixation in fastify-passport High
CVE-2023-29019 was published for @fastify/passport (npm) Apr 21, 2023
pedromigueladao lavish
GovernorCompatibilityBravo may trim proposal calldata High
CVE-2023-30542 was published for @openzeppelin/contracts (npm) Apr 20, 2023
Strapi leaking sensitive user information by filtering on private fields High
CVE-2023-22894 was published for @strapi/strapi (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly Marc-Roig
ProTip! Advisories are also available from the GraphQL API