GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,379 advisories
Filter by severity
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
High
CVE-2023-51838
was published
for
meshcentral
(npm)
Feb 2, 2024
Luxon Inefficient Regular Expression Complexity vulnerability
High
CVE-2023-22467
was published
for
luxon
(npm)
Jan 9, 2023
Regular Expression Denial of Service in marked
High
CVE-2015-8854
was published
for
marked
(npm)
Oct 24, 2017
hoek subject to prototype pollution via the clone function.
High
CVE-2020-36604
was published
for
@hapi/hoek
(npm)
Sep 25, 2022
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37712
was published
for
tar
(npm)
Aug 31, 2021
flatnest Prototype Pollution vulnerability
High
CVE-2023-26135
was published
for
flatnest
(npm)
Jun 30, 2023
Arbitrary Code Execution in handlebars
High
GHSA-2cf5-4w76-r9qv
was published
for
handlebars
(npm)
Sep 4, 2020
MeshCentral algorithm-downgrade issue
High
CVE-2023-51842
was published
for
meshcentral
(npm)
Jan 29, 2024
Yarn untrusted search path vulnerability
High
CVE-2021-4435
was published
for
yarn
(npm)
Feb 4, 2024
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
High
CVE-2021-37701
was published
for
tar
(npm)
Aug 31, 2021
MathJax Regular expression Denial of Service (ReDoS)
High
CVE-2023-39663
was published
for
mathjax
(npm)
Aug 29, 2023
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High
CVE-2024-23841
was published
for
@apollo/experimental-nextjs-app-support
(npm)
Jan 30, 2024
@urql/next Cross-site Scripting vulnerability
High
CVE-2024-24556
was published
for
@urql/next
(npm)
Jan 30, 2024
network Arbitrary Command Injection vulnerability
High
CVE-2024-21488
was published
for
network
(npm)
Jan 30, 2024
Denial of Service in http-proxy
High
GHSA-6x33-pw7p-hmpq
was published
for
http-proxy
(npm)
Sep 4, 2020
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
High
CVE-2021-32803
was published
for
tar
(npm)
Aug 3, 2021
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
High
CVE-2023-34104
was published
for
fast-xml-parser
(npm)
Jun 6, 2023
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API