GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,382 advisories
Filter by severity
Authentication Bypass in @strapi/plugin-users-permissions
High
GHSA-xv3q-jrmm-4fxv
was published
for
@strapi/plugin-users-permissions
(npm)
Apr 18, 2023
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
High
CVE-2023-0835
was published
for
markdown-pdf
(npm)
Apr 5, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
Prototype pollution in matrix-js-sdk (part 2)
High
CVE-2023-28427
was published
for
matrix-js-sdk
(npm)
Mar 30, 2023
Prototype pollution in matrix-react-sdk
High
CVE-2023-28103
was published
for
matrix-react-sdk
(npm)
Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability
High
CVE-2022-36060
was published
for
matrix-react-sdk
(npm)
Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
Duplicate Advisory: pullit Command Injection vulnerability
High
GHSA-2w9p-xf5h-qwj3
was published
for
pullit
(npm)
Mar 27, 2023
•
withdrawn
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
Arbitrary local file read vulnerability during template rendering
High
CVE-2023-25345
was published
for
swig
(npm)
Mar 15, 2023
Missing proper state, nonce and PKCE checks for OAuth authentication
High
CVE-2023-27490
was published
for
next-auth
(npm)
Mar 13, 2023
sqlite vulnerable to code execution due to Object coercion
High
CVE-2022-43441
was published
for
sqlite3
(npm)
Mar 13, 2023
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
High
CVE-2023-27474
was published
for
directus
(npm)
Mar 7, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High
CVE-2023-26111
was published
for
@nubosoftware/node-static
(npm)
Mar 6, 2023
SketchSVG Arbitrary Code Injection vulnerability
High
CVE-2023-26107
was published
for
sketchsvg
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
Denial of Service vulnerability in lite-web-server
High
CVE-2023-26104
was published
for
lite-web-server
(npm)
Feb 25, 2023
ecdh vulnerable to Exposure of Resource to Wrong Sphere
High
CVE-2022-44310
was published
for
ecdh
(npm)
Feb 24, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
Regular Expression Denial of Service in Headers
High
CVE-2023-24807
was published
for
undici
(npm)
Feb 16, 2023
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
High
CVE-2023-25653
was published
for
node-jose
(npm)
Feb 16, 2023
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
High
GHSA-r3vq-92c6-3mqf
was published
for
@sequelize/core
(npm)
Feb 16, 2023
•
withdrawn
Denial of service due to unlimited number of parts
High
CVE-2023-25576
was published
for
@fastify/multipart
(npm)
Feb 14, 2023
ProTip!
Advisories are also available from the
GraphQL API