GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,544 advisories
Filter by severity
tough-cookie Prototype Pollution vulnerability
Moderate
CVE-2023-26136
was published
for
tough-cookie
(npm)
Jul 1, 2023
Axios Cross-Site Request Forgery Vulnerability
Moderate
CVE-2023-45857
was published
for
axios
(npm)
Nov 8, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
word-wrap vulnerable to Regular Expression Denial of Service
Moderate
CVE-2023-26115
was published
for
word-wrap
(npm)
Jun 22, 2023
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
Cross site scripting in datatables.net
Moderate
CVE-2021-23445
was published
for
datatables.net
(npm)
Sep 29, 2021
jsonwebtoken unrestricted key type could lead to legacy keys usage
High
CVE-2022-23539
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Moderate
CVE-2022-23541
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
llhttp vulnerable to HTTP request smuggling
High
CVE-2023-30589
was published
for
llhttp
(npm)
Jul 1, 2023
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
@fastly/js-compute has a use-after-free in some host call implementations
Moderate
CVE-2024-38375
was published
for
@fastly/js-compute
(npm)
Jun 26, 2024
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
High
CVE-2020-28469
was published
for
glob-parent
(npm)
Jun 7, 2021
NPM IP package incorrectly identifies some private IP addresses as public
Low
CVE-2023-42282
was published
for
ip
(npm)
Feb 8, 2024
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Moderate
CVE-2024-38997
was published
for
@adolph_dudu/ratio-swiper
(npm)
Jul 1, 2024
@akbr/update Prototype Pollution
Moderate
CVE-2024-36578
was published
for
@akbr/update
(npm)
Jun 17, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
High
CVE-2024-38991
was published
for
@akbr/patch-into
(npm)
Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView
High
CVE-2024-38992
was published
for
@airvertco/frappejs
(npm)
Jul 1, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend
High
CVE-2024-38994
was published
for
@amoy/common
(npm)
Jul 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
s3-url-parser vulnerable to Denial of Service via regexes component
High
CVE-2024-25355
was published
for
s3-url-parser
(npm)
May 1, 2024
ProTip!
Advisories are also available from the
GraphQL API