GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem

| Ecosystem | GitHub reviewed advisories |
| --- | --- |
| All reviewed | 5,000+ |
| Composer | 3,968 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,752 |
| Maven | 4,982 |
| npm | 3,516 |
| NuGet | 609 |
| pip | 3,090 |
| Pub | 10 |
| RubyGems | 832 |
| Rust | 782 |
| Swift | 34 |

| Unreviewed advisories | Count |
| --- | --- |
| All unreviewed | 5,000+ |
1,382 advisories
| Advisory | Severity | CVE | Package (ecosystem) | Published |
| --- | --- | --- | --- | --- |
| passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token | High | CVE-2017-16897 | passport-wsfed-saml2 (npm) | Jun 21, 2023 |
| progressbar.js vulnerable to Prototype Pollution | High | CVE-2023-26133 | progressbar.js (npm) | Jun 12, 2023 |
| dottie vulnerable to Prototype Pollution | High | CVE-2023-26132 | dottie (npm) | Jun 10, 2023 |
| Snowflake NodeJS Driver vulnerable to Command Injection | High | CVE-2023-34232 | snowflake-sdk (npm) | Jun 9, 2023 |
| @udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme | High | CVE-2023-34245 | @udecode/plate-link (npm) | Jun 9, 2023 |
| fast-xml-parser vulnerable to Regex Injection via Doctype Entities | High | CVE-2023-34104 | fast-xml-parser (npm) | Jun 6, 2023 |
| Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | High | CVE-2023-34092 | vite (npm) | Jun 6, 2023 |
| bwm-ng vulnerable to command injection | High | CVE-2023-26129 | bwm-ng (npm) | May 27, 2023 |
| keep-module-latest vulnerable to Command Injection due to missing input sanitization | High | CVE-2023-26128 | keep-module-latest (npm) | May 27, 2023 |
| n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function | High | CVE-2023-26127 | n158 (npm) | May 27, 2023 |
| Insufficient validation when decoding a Socket.IO packet | High | CVE-2023-32695 | socket.io-parser (npm) | May 23, 2023 |
| n8n Information Disclosure vulnerability | High | CVE-2023-27564 | n8n (npm) | May 10, 2023 |
| m.static Directory Traversal vulnerability | High | CVE-2023-26126 | m.static (npm) | May 10, 2023 |
| Ghost vulnerable to information disclosure of private API fields | High | CVE-2023-31133 | ghost (npm) | May 3, 2023 |
| Hidden fields can be leaked on readable collections in Payload | High | CVE-2023-30843 | payload (npm) | Apr 26, 2023 |
| HTML injection in search results via plaintext message highlighting | High | CVE-2023-30609 | matrix-react-sdk (npm) | Apr 25, 2023 |
| Session fixation in fastify-passport | High | CVE-2023-29019 | @fastify/passport (npm) | Apr 21, 2023 |
| GovernorCompatibilityBravo may trim proposal calldata | High | CVE-2023-30542 | @openzeppelin/contracts (npm) | Apr 20, 2023 |
| Strapi leaking sensitive user information by filtering on private fields | High | CVE-2023-22894 | @strapi/strapi (npm) | Apr 19, 2023 |
ProTip! Advisories are also available from the GraphQL API.