GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,050 advisories
Filter by severity
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Moderate
CVE-2023-39956
was published
for
electron
(npm)
Sep 6, 2023
Electron context isolation bypass via nested unserializable return value
Moderate
CVE-2023-29198
was published
for
electron
(npm)
Sep 6, 2023
Username enumeration attack in goauthentik
Moderate
CVE-2023-39522
was published
for
@goauthentik/api
(npm)
Aug 29, 2023
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Moderate
CVE-2023-26364
was published
for
@adobe/css-tools
(npm)
Aug 29, 2023
MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050
was published
for
github.com/mongodb/mongo-swift-driver
(Composer)
Aug 29, 2023
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Moderate
CVE-2023-41167
was published
for
@webiny/react-rich-text-renderer
(npm)
Aug 24, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
@excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate
CVE-2023-26140
was published
for
@excalidraw/excalidraw
(npm)
Aug 16, 2023
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate
GHSA-fr9g-2m2h-c27j
was published
for
@excalidraw/excalidraw
(npm)
Aug 16, 2023
•
withdrawn
Ghost vulnerable to arbitrary file read via symlinks in content import
Moderate
CVE-2023-40028
was published
for
ghost
(npm)
Aug 15, 2023
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Moderate
CVE-2023-40027
was published
for
@keystone-6/core
(npm)
Aug 15, 2023
Svelecte item names vulnerable to execution of arbitrary JavaScript
Moderate
CVE-2023-38687
was published
for
svelecte
(npm)
Aug 14, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
Margox Braft-Editor Cross-site Scripting Vulnerability
Moderate
CVE-2021-27524
was published
for
braft-editor
(npm)
Aug 11, 2023
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
Moderate
CVE-2021-29057
was published
for
node-worker-threads-pool
(npm)
Aug 11, 2023
matrix-appservice-irc IRC command injection via admin commands containing newlines
Moderate
CVE-2023-38690
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
Moderate
CVE-2023-38691
was published
for
matrix-appservice-bridge
(npm)
Aug 4, 2023
Cloudflare Wrangler directory traversal vulnerability
Moderate
CVE-2023-3348
was published
for
wrangler
(npm)
Aug 3, 2023
.eth registrar controller can shorten the duration of registered names
Moderate
CVE-2023-38698
was published
for
@ensdomains/ens-contracts
(npm)
Aug 1, 2023
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Moderate
CVE-2023-38695
was published
for
@simonsmith/cypress-image-snapshot
(npm)
Aug 1, 2023
Incorrect Permission Checking for GraphQL Subscriptions
Moderate
CVE-2023-38503
was published
for
directus
(npm)
Jul 25, 2023
Unintentional leakage of private information via cross-origin websocket session hijacking
Moderate
CVE-2023-2850
was published
for
nodebb
(npm)
Jul 25, 2023
Making all attributes on a content-type public without noticing it
Moderate
CVE-2023-34093
was published
for
@strapi/database
(npm)
Jul 25, 2023
ProTip!
Advisories are also available from the
GraphQL API