GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
133 advisories
Filter by severity
Parse Server stores password in plain text
Low
CVE-2020-26288
was published
for
parse-server
(npm)
Dec 28, 2020
User content sandbox can be confused into opening arbitrary documents
Low
CVE-2021-21320
was published
for
matrix-react-sdk
(npm)
Mar 3, 2021
Path traversal in Node-Red
Low
CVE-2021-21298
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Command injection in @diez/generation
Low
CVE-2021-32830
was published
for
@diez/generation
(npm)
Sep 2, 2021
Cross-site Scripting in dijit editor's LinkDialog plugin
Low
CVE-2020-4051
was published
for
dijit
(npm)
Jun 15, 2020
Imperative CLI vulnerable to Command Injection
Low
CVE-2021-4326
was published
for
@zowe/imperative
(npm)
Mar 1, 2023
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
Regular Expression Denial of Service in clean-css
Low
GHSA-wxhq-pm8v-cw75
was published
for
clean-css
(npm)
Jun 5, 2019
Regular Expression Denial of Service in marked
Low
GHSA-ch52-vgq2-943f
was published
for
marked
(npm)
Sep 3, 2020
The `size` option isn't honored after following a redirect in node-fetch
Low
CVE-2020-15168
was published
for
node-fetch
(npm)
Sep 10, 2020
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Low
GHSA-68jh-rf6x-836f
was published
for
@apollo/server
(npm)
Jun 16, 2023
@keystone-6/core's bundled cuid package known to be insecure
Low
GHSA-5fp6-4xw3-xqq3
was published
for
@keystone-6/core
(npm)
Jun 12, 2023
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
sweetalert2 v11.4.9 and above contains hidden functionality
Low
GHSA-qq6h-5g6j-q3cm
was published
for
sweetalert2
(npm)
Nov 23, 2022
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Low
GHSA-h9wq-xcqx-mqxm
was published
for
@vendure/core
(npm)
Jul 11, 2023
Stylelint has vulnerability in semver dependency
Low
GHSA-f7xj-rg7h-mc87
was published
for
stylelint
(npm)
Jul 7, 2023
•
withdrawn
Regular expression denial of service in jquery-validation
Low
CVE-2021-43306
was published
for
jQuery.Validation
(npm)
Jun 3, 2022
Regular expression denial of service in semver-regex
Low
CVE-2021-43307
was published
for
semver-regex
(npm)
Jun 3, 2022
Regular Expression Denial of Service (ReDoS) in jsx-slack
Low
CVE-2021-43838
was published
for
jsx-slack
(npm)
Dec 17, 2021
Renderers can obtain access to random bluetooth device without permission in Electron
Low
CVE-2022-21718
was published
for
electron
(npm)
Mar 22, 2022
Minimal `basti` IAM Policy Allows Shell Access
Low
GHSA-q4pp-j36h-3gqg
was published
for
basti-cdk
(npm)
Aug 24, 2023
ProTip!
Advisories are also available from the
GraphQL API