Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults Moderate
CVE-2024-38997 was published for @adolph_dudu/ratio-swiper (npm) Jul 1, 2024
ag-grid-community were discovered to contain a prototype pollution via the _.mergeDeep function Moderate
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView Moderate
CVE-2024-38992 was published for @airvertco/frappejs (npm) Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Moderate
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend Moderate
CVE-2024-38994 was published for @amoy/common (npm) Jul 1, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto Moderate
CVE-2024-38991 was published for @akbr/patch-into (npm) Jul 1, 2024
@fastly/js-compute has a use-after-free in some host call implementations Moderate
CVE-2024-38375 was published for @fastly/js-compute (npm) Jun 26, 2024
elliottt
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC Moderate
CVE-2022-23541 was published for jsonwebtoken (npm) Dec 22, 2022
Cross site scripting in datatables.net Moderate
CVE-2021-23445 was published for datatables.net (npm) Sep 29, 2021
word-wrap vulnerable to Regular Expression Denial of Service Moderate
CVE-2023-26115 was published for word-wrap (npm) Jun 22, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Axios Cross-Site Request Forgery Vulnerability Moderate
CVE-2023-45857 was published for axios (npm) Nov 8, 2023
vintagesucks danewilson
tough-cookie Prototype Pollution vulnerability Moderate
CVE-2023-26136 was published for tough-cookie (npm) Jul 1, 2023
axi92
Prototype Pollution in Ajv Moderate
CVE-2020-15366 was published for ajv (npm) Feb 10, 2022
matrix-appservice-irc IRC command injection via admin commands containing newlines Moderate
CVE-2023-38690 was published for matrix-appservice-irc (npm) Aug 4, 2023
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
@akbr/update Prototype Pollution Moderate
CVE-2024-36578 was published for @akbr/update (npm) Jun 17, 2024
Object Resolver Prototype Pollution Moderate
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
obx Prototype Pollution Moderate
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Lobe Chat API Key Leak Moderate
CVE-2024-37895 was published for @lobehub/chat (npm) Jun 17, 2024
zhuozhiyongde
Badger Database Prototype Pollution Moderate
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API