Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,125 advisories

Loading
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
Glossarizer Cross-site Scripting vulnerability Moderate
CVE-2024-42515 was published for glossarizer (npm) Oct 31, 2024
Langchain Path Traversal vulnerability Moderate
CVE-2024-7774 was published for langchain (npm) Oct 29, 2024
hinthornw
Generation of Error Message Containing Sensitive Information in zsa Moderate
CVE-2024-37162 was published for zsa (npm) Jun 6, 2024
tom-sherman
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
CycloneDX cdxgen may execute code contained within build-related files Moderate
CVE-2024-50611 was published for @cyclonedx/cdxgen (npm) Oct 28, 2024
useragent Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26311 was published for useragent (npm) Oct 26, 2024
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
nope-validator Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26309 was published for nope-validator (npm) Oct 26, 2024
validate.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26308 was published for validate.js (npm) Oct 26, 2024
Knwl.js Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26306 was published for knwl.js (npm) Oct 26, 2024
CommonRegexJS Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26305 was published for commonregex (npm) Oct 26, 2024
Foundation Regular Expression Denial of Service vulnerability Moderate
CVE-2020-26304 was published for foundation-sites (npm) Oct 26, 2024
insane vulnerable to Regular Expression Denial of Service Moderate
CVE-2020-26303 was published for insane (npm) Oct 26, 2024
Hano allows bypass of CSRF Middleware by a request without Content-Type header. Moderate
CVE-2024-48913 was published for hono (npm) Oct 15, 2024
KageShiron
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
Slim Select has potential Cross-site Scripting issue Moderate
CVE-2024-9440 was published for slim-select (npm) Oct 2, 2024
m3t3kh4n bermannoah
Cross site scripting in markdown-to-jsx Moderate
CVE-2024-21535 was published for markdown-to-jsx (npm) Oct 15, 2024
Cross-site scripting (XSS) in the clipboard package Moderate
CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS Moderate
CVE-2024-47885 was published for astro (npm) Oct 14, 2024
jackfromeast ishmeals
Denial of Service condition in Next.js image optimization Moderate
CVE-2024-47831 was published for next (npm) Oct 14, 2024
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
ggit is vulnerable to Arbitrary Argument Injection via the clone() API Moderate
CVE-2024-21533 was published for ggit (npm) Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database