GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,516 advisories
Filter by severity
Arbitrary remote file read in Wrangler dev server
Moderate
CVE-2023-7079
was published
for
wrangler
(npm)
Jan 3, 2024
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate
GHSA-gjhc-6xm7-mc8q
was published
for
tinymce
(npm)
Jan 3, 2024
•
withdrawn
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Moderate
GHSA-wxj2-777f-vxmf
was published
for
tinymce
(npm)
Jan 3, 2024
•
withdrawn
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate
GHSA-q5pp-5q2h-g8rv
was published
for
tinymce
(npm)
Jan 3, 2024
•
withdrawn
CouchAuth host header injection vulnerability leaks the password reset token
High
CVE-2023-39655
was published
for
@perfood/couch-auth
(npm)
Jan 3, 2024
plotly.js prototype pollution vulnerability
Critical
CVE-2023-46308
was published
for
plotly.js
(Composer)
Jan 3, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
Layui cross-site scripting (XSS) vulnerability
Moderate
CVE-2023-50550
was published
for
layui
(npm)
Dec 30, 2023
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2023-7078
was published
for
miniflare
(npm)
Dec 29, 2023
msgpackr's conversion of property names to strings can trigger infinite recursion
High
CVE-2023-52079
was published
for
msgpackr
(npm)
Dec 28, 2023
blinksocks has weak encryption algorithms
Moderate
CVE-2023-50481
was published
for
blinksocks
(npm)
Dec 21, 2023
bsock uses weak hashing algorithms
Critical
CVE-2023-50475
was published
for
bsock
(npm)
Dec 21, 2023
Pedroetb TTS-API OS Command Injection
Critical
CVE-2019-25158
was published
for
tts-api
(npm)
Dec 19, 2023
Sentry's Astro SDK vulnerable to ReDoS
High
CVE-2023-50249
was published
for
@sentry/astro
(npm)
Dec 18, 2023
Unauthenticated Denial of Service in the octokit/webhooks library
High
CVE-2023-50728
was published
for
@octokit/app
(npm)
Dec 16, 2023
Cross-site Scripting in @spscommerce/ds-react
Critical
GHSA-cfxh-frx4-9gjg
was published
for
@spscommerce/ds-react
(npm)
Dec 15, 2023
Named path parameters can be overridden in TrieRouter
Moderate
CVE-2023-50710
was published
for
hono
(npm)
Dec 15, 2023
Cube API denial of service attack
Moderate
CVE-2023-50709
was published
for
@cubejs-backend/api-gateway
(npm)
Dec 13, 2023
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Password Change Vulnerability
Moderate
CVE-2023-49804
was published
for
uptime-kuma
(npm)
Dec 12, 2023
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate
CVE-2023-49798
was published
for
@openzeppelin/contracts
(npm)
Dec 12, 2023
DOS by abusing `fetchOptions.retry`.
High
CVE-2023-49800
was published
for
nuxt-api-party
(npm)
Dec 11, 2023
Directory Traversal in evershop
High
CVE-2023-46496
was published
for
@evershop/evershop
(npm)
Dec 8, 2023
ProTip!
Advisories are also available from the
GraphQL API