Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,379 advisories

qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. High
CVE-2023-51838 was published for meshcentral (npm) Feb 2, 2024
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
OS Command Injection in ssh2 High
CVE-2020-26301 was published for ssh2 (npm) Sep 21, 2021
Luxon Inefficient Regular Expression Complexity vulnerability High
CVE-2023-22467 was published for luxon (npm) Jan 9, 2023
skrtheboss remi-san
makkes canderson-activatecare rpastro cmp831
Regular Expression Denial of Service in marked High
CVE-2015-8854 was published for marked (npm) Oct 24, 2017
Denial of Service in uap-core High
CVE-2021-21317 was published for uap-core (npm) Feb 2, 2021
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
Arbitrary Code Execution in handlebars High
GHSA-2cf5-4w76-r9qv was published for handlebars (npm) Sep 4, 2020
chalbersma
MeshCentral algorithm-downgrade issue High
CVE-2023-51842 was published for meshcentral (npm) Jan 29, 2024
Yarn untrusted search path vulnerability High
CVE-2021-4435 was published for yarn (npm) Feb 4, 2024
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37701 was published for tar (npm) Aug 31, 2021
chen-robert ginkoid
levpachmanov
MathJax Regular expression Denial of Service (ReDoS) High
CVE-2023-39663 was published for mathjax (npm) Aug 29, 2023
react-query-streamed-hydration Cross-site Scripting vulnerability High
CVE-2024-24558 was published for @tanstack/react-query-next-experimental (npm) Jan 30, 2024
phryneas
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability High
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024
phryneas IkeMurami
peakematt
@urql/next Cross-site Scripting vulnerability High
CVE-2024-24556 was published for @urql/next (npm) Jan 30, 2024
network Arbitrary Command Injection vulnerability High
CVE-2024-21488 was published for network (npm) Jan 30, 2024
Denial of Service in http-proxy High
GHSA-6x33-pw7p-hmpq was published for http-proxy (npm) Sep 4, 2020
chalbersma
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning High
CVE-2021-32803 was published for tar (npm) Aug 3, 2021
ginkoid chen-robert
levpachmanov
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (npm) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek
fast-xml-parser vulnerable to Regex Injection via Doctype Entities High
CVE-2023-34104 was published for fast-xml-parser (npm) Jun 6, 2023
7085 levpachmanov
Sending a GET or HEAD request with a body crashes SvelteKit High
CVE-2024-23641 was published for @sveltejs/adapter-node (npm) Jan 24, 2024
kamerat Rich-Harris
Conduitry dominikg benmccann
ProTip! Advisories are also available from the GraphQL API